[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 0.29.0 - PKCS12 Certificates Only?

From: Tobias Ringström <tobias_at_ringstrom.mine.nu>
Date: 2003-09-12 10:45:13 CEST

Garret Wilson wrote:

>> If you set 'ssl-trust-default-ca = true' in your ~/.subversion/servers
>> file, svn will trust all the the 'default' CAs installed by a sysadmin.
>
> 1. Will this work on Win32, too? Will the Win32 client recognize the
> usual root CAs? (e.g. VeriSign, Thawte, InstantSSL, Comodo, etc.)

The current version of Neon uses OpenSSL even on Windows, so I don't
think that it has access to the CA certificates installed in Windows. My
guess is that the Windows port of OpenSSL looks for a PEM file
containing CA certificates, just as it does on unix.

I do not know exactly where OpenSSH on Windows looks for the PEM file
contaning the CA certificates, but I'm hoping that one of the Windows
gurus do. It would be really nice if a CA certificate list was included
in the installer.

> 2. Can't we have "ssl-trust-default-ca" default to true? The whole
> point of trusted root CAs is that they can be trusted, and the whole
> point of installing root CAs is that those are trusted by default. (By
> analogy, I'd hate to have to change a configuration file just to order
> from amazon.com using HTTPS in a browser.)

It is already on by default.

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Sep 12 10:46:16 2003

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.