Re: Error validating server certificate

On Mon, 2 May 2011 at 23:34:54 Daniel Shahaf wrote:
> > I am running Subversion 1.6.17
>
> No, you don't. It hasn't been released yet.

Oops, I meant 1.6.16.

On Mon, 2 May 2011 at 16:17:26 Mark Phippard wrote:

> I use the binaries that Jeremy Whitlock provides and which you can
> download at CollabNet. This is what I get:
>
> $ svn info https://svn.macosforge.org/repository/macports
> Path: macports
> URL: https://svn.macosforge.org/repository/macports
> Repository Root: https://svn.macosforge.org/repository/macports
> Repository UUID: d073be05-634f-4543-b044-5fe20cf6d1d6
> Revision: 78307
> Node Kind: directory
> Last Changed Author: gwright_at_macports.org
> Last Changed Rev: 78307
> Last Changed Date: 2011-05-02 15:33:44 -0400 (Mon, 02 May 2011)
>
> His binaries use the OpenSSL that comes from Apple and that might be
> the difference?
>
> For MacPorts, I would think it would depend upon what is in:
>
> /opt/local/etc/openssl

All that's in there is what the openssl port put there:

$ port contents openssl | grep /etc
  /opt/local/etc/openssl/misc/CA.pl
  /opt/local/etc/openssl/misc/CA.sh
  /opt/local/etc/openssl/misc/c_hash
  /opt/local/etc/openssl/misc/c_info
  /opt/local/etc/openssl/misc/c_issuer
  /opt/local/etc/openssl/misc/c_name
  /opt/local/etc/openssl/misc/tsget
  /opt/local/etc/openssl/openssl.cnf

Perhaps related is this ticket which explains that the openssl port doesn't install any certificates:

https://trac.macports.org/ticket/19247

Which is apparently as the openssl developers intend it:

http://www.openssl.org/support/faq.html#USER16

Which is apparently why we have the curl-ca-bundle port to provide those root certificates for curl's use. But that doesn't help when not using curl (e.g. when using svn). What would we have to do to provide an openssl-global collection of root certificates?
Received on 2011-05-04 01:02:44 CEST