
RES: RES: RES: Using SSL

From: Diego de Oliveira Fucitalo <diego_at_gsw.com.br>
Date: Fri, 7 Oct 2011 22:37:39 +0000

-----Original Message-----
From: Johan Corveleyn [mailto:jcorvel_at_gmail.com]
Sent: Friday, October 7, 2011 19:36
To: Diego de Oliveira Fucitalo
Cc: users_at_subversion.apache.org
Subject: Re: RES: RES: Using SSL

On Sat, Oct 8, 2011 at 12:17 AM, Diego de Oliveira Fucitalo <diego_at_gsw.com.br> wrote:
> -----Original Message-----
> From: Johan Corveleyn [mailto:jcorvel_at_gmail.com]
> Sent: Friday, October 7, 2011 19:16
> To: Diego de Oliveira Fucitalo
> Cc: users_at_subversion.apache.org
> Subject: Re: RES: RES: Using SSL
>
> [ Please don't top-post on this list, but put your reply inline or at
> the bottom. Re-arranging your reply ... more below. ]
>
>> -----Original Message-----
>> From: Johan Corveleyn [mailto:jcorvel_at_gmail.com]
>> Sent: Friday, October 7, 2011 18:41
>> To: Diego de Oliveira Fucitalo
>> Cc: users_at_subversion.apache.org
>> Subject: Re: RES: RES: Using SSL
>>
>>> On Friday 07 October 2011 09:17 PM, Diego de Oliveira Fucitalo wrote:
>>>
>>> Hi, after accept never ask .. but I would like configure for never
>>> ask
>>
>> This is possible, but only if you have some control over the "client configuration" of your users (the so-called "Runtime Configuration Area"). In the "servers" file, you can set the property "ssl-authority-files" to a file containing trusted CA certificates [1]. There is also "ssl-trust-default-ca": "Set this variable to yes if you want Subversion to automatically trust the set of default CAs that ship with OpenSSL."
>>
>> On *nix, you can configure this system-wide, in /etc/subversion/servers. On Windows, this can also be done system-wide (but only through the registry [2], I believe).
>>
>>
>> [1] http://svnbook.red-bean.com/en/1.6/svn.advanced.confarea.html#svn.advanced.confarea.opts.servers
>> [2] http://svnbook.red-bean.com/en/1.6/svn.advanced.confarea.html#svn.advanced.confarea.windows-registry
>> --
>
> On Fri, Oct 7, 2011 at 11:43 PM, Diego de Oliveira Fucitalo <diego_at_gsw.com.br> wrote:
>> Hi,
>>
>> I created the file servers in /etc/subversion with:
>>
>> [global]
>> #ssl-trust-default-ca = true
>> ssl-ignore-unknown-ca = true
>> ssl-authority-files = /etc/httpd/conf.d/certificados/intermediarios.cer
>>
>> But it doesn't work.
>
> You might have to experiment a bit before it works. I got this working at my company, but I remember I had to configure Apache to send the entire certificate chain (not only the server's certificate itself).
> See the SSLCertificateChainFile directive of Apache.
>
> But just to be clear: this /etc/subversion/servers file needs to be installed on the client machine (where the svn client is running). If those clients are on Unix machines, you can configure it in /etc/subversion/servers (or in the ~/.subversion directory of your users). If your users are Windows users, you need to get this configuration on each and every one of their client pc's.
>
> --
> Johan
>
> I configured the SSLCertificateChainFile, because I have other sites working with SSL; only svn doesn't work.

Ok, good. Now, did you perform the ssl-authority-files configuration on the client with which you are testing? It needs to be in the client-side configuration.

--
Johan
In this case it is easier for me to accept a certificate; once I accept the certificate, it doesn't ask again.
Received on 2011-10-08 00:39:02 CEST
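
A client-side check for the configuration discussed in this thread, as an added example that is not part of the original mail or of Subversion itself: it reads the text of a `servers` file, works out which `ssl-authority-files` and `ssl-trust-default-ca` values apply to a host, and reports CA files that do not exist on the machine where the svn client runs. The function names, the sample hosts and paths, and the simplified group matching (Python `fnmatch`, first matching group) are assumptions.

```python
import configparser
import fnmatch
import os

# Constructed sample of a client-side "servers" file (not from the thread).
SAMPLE_SERVERS = """\
[groups]
corp = *.example.com

[global]
ssl-trust-default-ca = no

[corp]
ssl-authority-files = /etc/ssl/corp/intermediates.pem;/etc/ssl/corp/root.pem
"""

def effective_ssl_settings(servers_text, host):
    """Merge [global] with the section of the first group whose glob matches host."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep group names spelled as written
    cp.read_string(servers_text)
    settings = dict(cp["global"]) if cp.has_section("global") else {}
    groups = cp["groups"].items() if cp.has_section("groups") else []
    for group, patterns in groups:
        globs = [p.strip() for p in patterns.split(",")]
        if cp.has_section(group) and any(fnmatch.fnmatch(host, g) for g in globs):
            settings.update(cp[group])
            break
    return settings

def audit(servers_text, host, exists=os.path.isfile):
    """Return reasons the configured CA trust cannot take effect for host."""
    s = effective_ssl_settings(servers_text, host)
    raw = s.get("ssl-authority-files", "")
    ca_files = [p.strip() for p in raw.split(";") if p.strip()]  # semicolon-delimited list
    default_ca = s.get("ssl-trust-default-ca", "no").lower() in ("yes", "true", "on", "1")
    findings = []
    if not ca_files and not default_ca:
        findings.append(f"{host}: no CA trust source configured")
    for path in ca_files:
        if not exists(path):  # the path must exist on the client, not on the server
            findings.append(f"{host}: CA file missing on this machine: {path}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVERS, "svn.example.com"):
        print(finding)
```

Run it on the client against the contents of `/etc/subversion/servers` or `~/.subversion/servers`; a path that only exists on the Apache host shows up as a missing file.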

This is an archived mail posted to the Subversion Users mailing list.
