Re: 0.29.0 - PKCS12 Certificates Only?

From: Tobias Ringström <tobias_at_ringstrom.mine.nu>
Date: 2003-09-12 10:45:13 CEST

Garret Wilson wrote:

>> If you set 'ssl-trust-default-ca = true' in your ~/.subversion/servers
>> file, svn will trust all the the 'default' CAs installed by a sysadmin.
>
> 1. Will this work on Win32, too? Will the Win32 client recognize the
> usual root CAs? (e.g. VeriSign, Thawte, InstantSSL, Comodo, etc.)

The current version of Neon uses OpenSSL even on Windows, so I don't
think that it has access to the CA certificates installed in Windows. My
guess is that the Windows port of OpenSSL looks for a PEM file
containing CA certificates, just as it does on unix.

I do not know exactly where OpenSSH on Windows looks for the PEM file
contaning the CA certificates, but I'm hoping that one of the Windows
gurus do. It would be really nice if a CA certificate list was included
in the installer.

> 2. Can't we have "ssl-trust-default-ca" default to true? The whole
> point of trusted root CAs is that they can be trusted, and the whole
> point of installing root CAs is that those are trusted by default. (By
> analogy, I'd hate to have to change a configuration file just to order
> from amazon.com using HTTPS in a browser.)

It is already on by default.

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Sep 12 10:46:16 2003

This message: [ Message body ]
Next message: Michael Wood: "Re: Solaris8 build fails to link with -ldb"
Previous message: Michael Wood: "Re: svn:externals set to tag"
In reply to: Garret Wilson: "Re: 0.29.0 - PKCS12 Certificates Only?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]