[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Hard time to verify ssl server certificate.

From: Tobias Ringström <tobias_at_ringstrom.mine.nu>
Date: 2005-02-28 18:47:18 CET

Josef Wolf wrote:

>Do you know a better way? tinyca gave me the md5, probably because this
>is the default with RSA keys. svn presented sha1. How do I verify that
>the certificate is valid when I have only md5 and svn presents me sha1?
[I agree with everything Sussman has said, and I can confirm that neon
is only giving us the SHA-1 fingerprint, although it does not seem to be
documented anywhere.]

There are two problems here. The first is that Subversion does not
specify that it's displaying the SHA-1 fingerprint (although you tell in
a hackish way by the different fingerprint size), and the second is that
tinyca (which I know nothing about, btw) does not show you the SHA-1
fingerprint. I will work on making Subversion say that it's showing the
SHA-1 fingerprint, but you might want to contact the author of tinyca to
also show the SHA-1 fingerprint as well as the MD5 fingerprint.

In the mean time, you should be able to generate an SHA-1 fingerprint
when you create the certificate using openssl using something like

    openssl x509 -in server.crt -noout -fingerprint -sha1


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Feb 28 18:49:51 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.