[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 0.29.0 - PKCS12 Certificates Only?

From: David Waite <mass_at_akuma.org>
Date: 2003-09-09 00:57:26 CEST

Doug Dicks wrote:

>On Mon, 2003-09-08 at 15:41, Mukund wrote:
>
>
>>On Mon, Sep 08, 2003 at 03:33:36PM -0500, Doug Dicks wrote:
>>
>>
>>>This is now broke and I get prompted to confirm my server's certificate
>>>every time. I assume this is due to the following change from the
>>>release notes for .29:
>>>
>>>
>>The server CA certificate files (ssl-authority-files) are still PEM
>>encoded. It is now seperated to be one certificate per file. The option
>>is now called 'ssl-authority-files'.
>>
>>
>
>
>
>>If your server certificate is signed by Equifax, you will have to get
>>their CA certificate and use that with the 'ssl-authority-files' option.
>>
>>
>
>Got it. Thanks. I am only concerned about the CA files right now. I
>extracted the Equifax cert that came with RH from
>/usr/share/ssl/cert.pem and everything works great.
>
>Interestingly enough, it also picks it up correctly if I leave the file
>as is with multiple CA certs as well. Looks like part (all) of this was
>stupid-user-error. ssl-authority-files != ssl-authorities-files I
>changed file to files, but not authorities to authority. Stupid. I
>read the release notes and assumed that was the problem was related to
>the "dropped support for PEM-encoded clients", not understanding the
>difference between the CA files and the client certs.
>
>
>
I believe 0.23.9 still allows for multiple certs in a single file, and
that 0.24.1 does not :-)

-David Waite

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Sep 9 01:00:19 2003

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.