[Bug 474633] Re: svn client ignores the setting ssl-trust-default-ca
Christian Affolter
c.affolter at stepping-stone.ch
Thu Dec 15 17:39:53 UTC 2011
I run into the same problem and figured out that subversion looks for
valid "default" root CA certs within /etc/ssl/certs/ca-certificates.crt
if you set "ssl-trust-default-ca = yes".
To trust your own CA (and add it to the ca-certificates.crt), proceed
with the following steps:
mkdir /usr/share/ca-certificates/example.com
cp Example_CA.crt /usr/share/ca-certificates/example.com/.
echo "example.com/Example_CA.crt" >> /etc/ca-certificates.conf
update-ca-certificates -v
Afterwards subversion accepts the server certificate.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subversion in Ubuntu.
https://bugs.launchpad.net/bugs/474633
Title:
svn client ignores the setting ssl-trust-default-ca
Status in “subversion” package in Ubuntu:
New
Bug description:
Binary package hint: subversion
AFAIK, this happens since 'forever'... I've been using svn with my own
CA at least since Gutsy and this always happened.
I set (either in my personal ~/.subversion/servers, or in the global
/etc/subversion/servers config file) the following:
ssl-trust-default-ca = yes
I've added my CA to the openssl instalation and properly run "dpkg-reconfigure ca-certificates", and I see the entries for my CA certificate in /etc/ssl/certs... however, the client ALWAYS complain.
I can avoid this if I manually add EVERY CA I want to use to
ssl-authority-files =
but this is a LIST that won't take a directory name or wildcards in
it.
Now I'm using a certificate actually signed by Equifax and it still
not recognized by svn (firefox, epiphany and thunderbird did recognize
it, but at least tb and ff don't use the default openssl CA certs but
their own)...
I don't know if this is because of an upstream problem or an ubuntu
configuration problem, but it certainly doesn't work.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/474633/+subscriptions
More information about the foundations-bugs
mailing list