On 02/23/2011 10:59 AM, Matthias Saou wrote:
Hi,
I can't seem to figure out the proper clean way to have the svn CLI
client trust all https URLs using certificates signed by an internal
CA. With RHEL5, it was easy :
$ strace svn co https://myserver/repo/ 2>&1 | grep pki
open("/etc/pki/tls/cert.pem", O_RDONLY) = 3
open("/etc/pki/tls/cert.pem", O_RDONLY) = 3
stat("/etc/pki/tls/certs/b903d65c.0", 0x7fff7f839980) = -1 ENOENT (No
such file or directory)
The SSL library being used looked for a CA certificate named after a
hash specific to that certificate (which you got with openssl x509
-hash -noout -in myca.crt). With RHEL6 this happens no more :
$ strace svn co https://myserver/repo/ 2>&1 | grep pki
open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = 4
open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = 4
Appending my CA's certificate to ca-bundle.crt works of course, but
it's a much more fragile and less elegant solution. Does anyone know
what the proper way is now?
Matthias
In ~/.subversion/servers you can set ssl-authority-files to point at
your CAs cert in pem format
Hugh
--
System Administrator
University of Iowa DIVMS Support Group
[email protected]
Have a problem? Send mail to [email protected]
_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
