On Mon, Mar 12, 2012 at 2:00 PM, Zachary Burnham <zburn...@efi.org> wrote: > I'd have thought that providing relevant information would have been helpful > . > > Nevertheless, I'm still having trouble with this. I've exported the > relevant CA certificate and edited ~ /.subversion/servers to look for it. I > know that it's finding it, because when I deliberately misspell the file > name, it gives me a different error (svn: Invalid config: unable to load > certificate file '/<home>/.subversion/geotruste.pem') than I have been > seeing previously (SSL certificate checks failed: Server certificate > verification failed: issuer is not trusted). Is there something else I can > try?
Random suggestion: does the server provide the entire certificate chain to the client? In Apache: see the SSLCertificateChainFile directive [1]. Other than that, try to narrow it down: - Does this only happen with OSX 10.7.3? Can you try with other platforms? Did it occur with a previous version of OSX? - The failing svn client: is it built against another openssl version than svn clients which do succeed? [1] http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcertificatechainfile -- Johan