subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Phippard <markp...@gmail.com>
Subject Re: Error validating server certificate
Date Mon, 02 May 2011 20:17:26 GMT
On Mon, May 2, 2011 at 4:03 PM, Ryan Schmidt
<subversion-2011a@ryandesign.com> wrote:
> $ svn info https://svn.macosforge.org/repository/macports
> Error validating server certificate for 'https://svn.macosforge.org:443':
>  - The certificate is not issued by a trusted authority. Use the
>   fingerprint to validate the certificate manually!
> Certificate information:
>  - Hostname: *.macosforge.org
>  - Valid: from Thu, 28 Apr 2011 22:45:15 GMT until Sat, 31 May 2014 10:51:08 GMT
>  - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by reference,
Entrust, Inc., US
>  - Fingerprint: bf:77:a4:84:d4:3e:0c:55:28:3d:2a:37:bc:8a:47:39:76:73:b7:02
> (R)eject, accept (t)emporarily or accept (p)ermanently?
>
>
> I am running Subversion 1.6.17 as installed by MacPorts 1.9.2 on Mac OS X 10.6.7. What
do I have to do to get Subversion to recognize that the certificate we are using for Mac OS
Forge *is* issued by a trusted authority? I want a solution that does not involve every MacPorts
contributor having to see this message and press "p"; I want a solution that does not involve
anyone seeing this message at all.
>
> Do I have to somehow provide Subversion with a bundle of well-known trusted certificates?
MacPorts includes the port curl-ca-bundle which installs a bundle of certs from Mozilla, and
is used by the curl port to be able to access https sites. Can Subversion make use of that
same bundle?

I use the binaries that Jeremy Whitlock provides and which you can
download at CollabNet.  This is what I get:

$ svn info https://svn.macosforge.org/repository/macports
Path: macports
URL: https://svn.macosforge.org/repository/macports
Repository Root: https://svn.macosforge.org/repository/macports
Repository UUID: d073be05-634f-4543-b044-5fe20cf6d1d6
Revision: 78307
Node Kind: directory
Last Changed Author: gwright@macports.org
Last Changed Rev: 78307
Last Changed Date: 2011-05-02 15:33:44 -0400 (Mon, 02 May 2011)

His binaries use the OpenSSL that comes from Apple and that might be
the difference?

For MacPorts, I would think it would depend upon what is in:

/opt/local/etc/openssl

-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/

Mime
View raw message