[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion and SSL *-certificates

From: Mark Phippard <markphip_at_gmail.com>
Date: 2007-04-18 13:49:07 CEST

On 4/18/07, Reinhard Brandstädter <reinhard.brandstaedter@jku.at> wrote:
> On Tuesday 17 April 2007 17:07, Mark Phippard wrote:
>
> > Can you paste in the exact message the user sees? I do not recall
> > Subversion ever making any claims about the validity of a certificate.
> > What it does is show you the details of a certificate and ask you if
> > you want to accept it. It does this for all certificate, even ones
> > provided by root CA's.
>
> svn list https://svn-abc.domain.local/trunk
> Error validating server certificate for 'https://svn-abc.domain.local:443':
> - The certificate hostname does not match.
> Certificate information:
> - Hostname: svn-*.domain.local
> - Valid: from Oct 17 07:18:14 2006 GMT until Oct 17 07:18:14 2009 GMT
> - Issuer: Educational CA, Cybertrust, BE
> - Fingerprint: 9f:7e:24:80:45:13:e3:7b:8d:c7:5a:28:21:17:57:69:fe:98:ff:38
> (R)eject, accept (t)emporarily or accept (p)ermanently?
>
> I guess it's not a subversion problem itself but one of the underlying SSL
> library maybe. (note: I've modified the dns hostnames in the post)

I am not sure what the correct behavior is, but presumably this would
either be determined by OpenSSL, or perhaps Subversion's usage of
OpenSSL such as the options it provides it.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Apr 18 13:49:32 2007

This is an archived mail posted to the Subversion Users mailing list.