[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Hard time to verify ssl server certificate.

From: Josef Wolf <jw_at_raven.inka.de>
Date: 2005-02-17 22:42:13 CET


I used tinyca to create a CA and issued a server certificate that is
signed by this CA. Upon creation of the certificate, tinyca printed a
fingerprint of the freshly generated certificate. When I connect to
the server via konqueror or mozilla, the browser warns me that the
certificate is issued by an unknown CA and asks me to check the
fingerprint. Since the displayed fingerprint is the same that was
printed on certificate creation, I can confirm the check. Everything
fine that far.

But when I connect to the same sever with svn, and svn asks me to verify
the certificate, it prints me a completely _different_ fingerprint. Then
I go and say svn should accept the certificate permanently so that svn
saves the certificate in ~/.subversion/auth/svn.ssl.server directory.
When I compare this saved certificate with the one that is stored by
konqueror, the certificate is _identical_, but the file contains additional

K 10
V 1532
[ certificate goes here ]
K 15
V 25
K 8
V 1

It appears that svn calculates the md5sum of the _whole_ file that is
stored in ~/.subversion/auth/svn.ssl.server directory. Instead, it
should extract the certificate and calculate the md5sum on the extracted
certificate only.

Is this a known problem? Or have I simply skrewed up my installation?

No software patents!
-- Josef Wolf -- jw@raven.inka.de --
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Feb 17 22:52:23 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.