Re: Subversion and SSL *-certificates

From: Ryan Schmidt <subversion-2007b_at_ryandesign.com>
Date: 2007-04-18 22:02:29 CEST

On Apr 18, 2007, at 14:11, Hannes Erven wrote:

> Reinhard Brandstädter wrote:
>
>> svn list https://svn-abc.domain.local/trunk
>> Error validating server certificate for 'https://svn-
>> abc.domain.local:443':
>> - The certificate hostname does not match.
>> Certificate information:
>> - Hostname: svn-*.domain.local
>
> It looks like if you modified your DNS names. The host name in die
> Subversion URL needs to equal the host name stored in the host's
> certificate.
>
> In the output above, you're connecting to svn-abc.domain.local but
> the certificate identifies the server as svn-*.domain.local.
>
> Can you use the host name that is in the certificate to connect?
> That should work, without SSL warnings.

Hannes, it's a wildcard SSL certificate. The hostname in the
certificate is not an actual hostname, but a wildcarded expression
representing a whole set of hostnames.

I had only ever seen wildcard SSL certificates of the form
*.example.com which is different from Reinhard's svn-*.example.com. I
have not yet found the spec that describes wildcard SSL certificates
to see what is and is not considered valid.

It would be best if Subversion would support wildcard SSL certificates.

-- 
To reply to the mailing list, please use your mailer's Reply To All  
function
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Wed Apr 18 22:02:58 2007

This message: [ Message body ]
Next message: Andy Levy: "Re: Biggest number of revisions under FSFS?"
Previous message: Andreas Hasenack: "Re: Recovering from DB corruption: advice requested"
In reply to: Hannes Erven: "Re: Subversion and SSL *-certificates"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]