On Sat, Oct 8, 2011 at 12:17 AM, Diego de Oliveira Fucitalo <di...@gsw.com.br> wrote: > -----Mensagem original----- > De: Johan Corveleyn [mailto:jcor...@gmail.com] > Enviada em: sexta-feira, 7 de outubro de 2011 19:16 > Para: Diego de Oliveira Fucitalo > Cc: users@subversion.apache.org > Assunto: Re: RES: RES: Using SSL > > [ Please don't top-post on this list, but put your reply inline or at the > bottom. Re-arranging your reply ... more below. ] > >> -----Mensagem original----- >> De: Johan Corveleyn [mailto:jcor...@gmail.com] Enviada em: >> sexta-feira, 7 de outubro de 2011 18:41 >> Para: Diego de Oliveira Fucitalo >> Cc: users@subversion.apache.org >> Assunto: Re: RES: RES: Using SSL >> >>> On Friday 07 October 2011 09:17 PM, Diego de Oliveira Fucitalo wrote: >>> >>> Hi, after accept never ask .. but I would like configure for never >>> ask >> >> This is possible, but only if you have some control over the "client >> configuration" of your users (the so-called "Runtime Configuration Area"). >> In the "servers" file, you can set the property "ssl-authority-files" to a >> file containing trusted CA certificates [1]. There is also >> "ssl-trust-default-ca": "Set this variable to yes if you want Subversion to >> automatically trust the set of default CAs that ship with OpenSSL." >> >> On *nix, you can configure this system-wide, in /etc/subversion/servers. On >> Windows, this can also be done system-wide (but only through the registry >> [2], I believe). >> >> >> [1] >> http://svnbook.red-bean.com/en/1.6/svn.advanced.confarea.html#svn.adva >> nced.confarea.opts.servers [2] >> http://svnbook.red-bean.com/en/1.6/svn.advanced.confarea.html#svn.adva >> nced.confarea.windows-registry >> -- > > On Fri, Oct 7, 2011 at 11:43 PM, Diego de Oliveira Fucitalo > <di...@gsw.com.br> wrote: >> Hi, >> >> I creat the file servers in /etc/subversion with: >> >> [global] >> #ssl-trust-default-ca = true >> ssl-ignore-unknown-ca = true >> ssl-authority-files = >> /etc/httpd/conf.d/certificados/intermediarios.cer >> >> But, don't work. > > You might have to experiment a bit before it works. I got this working at my > company, but I remember I had to configure Apache to send the entire > certificate chain (not only the server's certificate itself). > See the SSLCertificateChainFile directive of Apache. > > But just to be clear: this /etc/subversion/servers file needs to be installed > on the client machine (where the svn client is running). If those clients are > on Unix machines, you can configure it in /etc/subversion/servers (or in the > ~/.subversion directory of your users). If your users are Windows users, you > need to get this configuration on each and every one of their client pc's. > > -- > Johan > > I configured the SSLCertificateChainFile, because i have other sites work > with ssl, only svn don't work.
Ok, good. Now, did you perform the ssl-authority-files configuration on the client with which you are testing? It needs to be in the client-side configuration. -- Johan
