Hi Rory, On Sat, 2009-11-07 at 21:40 +0000, Rory Campbell-Lange wrote: > Further to the issues already reported our commercial certificate is > reporting an svn error. > > svn: OPTIONS of 'https://campbell-lange.net:4343/<reposname>': > Certificate verification error: signed using insecure algorithm > (https://campbell-lange.net:4343) > > You can check this error at https://campbell-lange.net:4343/ (which > Firefox accepts as a valid certificate). > > I would be grateful for more information. Neon just output the result of the GNU TLS connection error as defined in its documentation[1]: GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure algorithm such as MD2 or MD5. These algorithms have been broken and should not be trusted.
Indeed, your certificate is signed with MD5; see "Certificate Signature Algorithm" part of your certificate, it says "PKCS #1 MD5 With RSA Encryption". Recent conversion on mailing list of Subversion[2] states that it doesn't have an option to ask Neon/GNU TLS to ignore this error. Can you ask for a new certificate signed with a more secure algorithm? Regards, Laszlo/GCS [1] http://www.gnu.org/software/gnutls/manual/html_node/Verifying-X_002e509-certificate-paths.html [2] http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&viewType=browseAll&dsMessageId=2401276 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
