[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion and SSL *-certificates

From: Mark Phippard <markphip_at_gmail.com>
Date: 2007-04-18 13:49:07 CEST

On 4/18/07, Reinhard Brandstädter <reinhard.brandstaedter@jku.at> wrote:
> On Tuesday 17 April 2007 17:07, Mark Phippard wrote:
> > Can you paste in the exact message the user sees? I do not recall
> > Subversion ever making any claims about the validity of a certificate.
> > What it does is show you the details of a certificate and ask you if
> > you want to accept it. It does this for all certificate, even ones
> > provided by root CA's.
> svn list https://svn-abc.domain.local/trunk
> Error validating server certificate for 'https://svn-abc.domain.local:443':
> - The certificate hostname does not match.
> Certificate information:
> - Hostname: svn-*.domain.local
> - Valid: from Oct 17 07:18:14 2006 GMT until Oct 17 07:18:14 2009 GMT
> - Issuer: Educational CA, Cybertrust, BE
> - Fingerprint: 9f:7e:24:80:45:13:e3:7b:8d:c7:5a:28:21:17:57:69:fe:98:ff:38
> (R)eject, accept (t)emporarily or accept (p)ermanently?
> I guess it's not a subversion problem itself but one of the underlying SSL
> library maybe. (note: I've modified the dns hostnames in the post)

I am not sure what the correct behavior is, but presumably this would
either be determined by OpenSSL, or perhaps Subversion's usage of
OpenSSL such as the options it provides it.

Mark Phippard
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Apr 18 13:49:32 2007

This is an archived mail posted to the Subversion Users mailing list.