[nycbug-talk] OpenSSL 0.9.8m Issue
mikel.king at olivent.com
Wed Jun 30 21:20:47 EDT 2010
On Jun 30, 2010, at 5:31 PM, Mark Saad wrote:
> I just upgraded my pkgsrc to 2010Q1 to get a newer svn binary
> installed and to
> convert to 64bit binaries.
> After upgrading I cant check out sources from a https subversion
> server. I keep
> getting this openssl error
> # svn co https://vim.svn.sourceforge.net/svnroot/vim/vim7
> svn: OPTIONS of 'https://vim.svn.sourceforge.net/svnroot/vim/vim7':
> handshake failed: SSL error: block type is not 01
> I am using the following versions
> I googled around and people are saying you need to update the cert
> on the
> subversion server. While this is find when you have access to it. In
> this case ,
> and may others I do not have access. Does anyone know what the
> issue is and if
> there is client side solution ?
> Mark Saad
> mark.saad at ymail.com
On my machine I get the following and was able to checkout the code.
thoth:Projects mikel$ svn co https://vim.svn.sourceforge.net/svnroot/vim/vim7
Error validating server certificate for 'https://vim.svn.sourceforge.net:443'
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
- Hostname: *.svn.sourceforge.net
- Valid: from Mon, 04 Jan 2010 20:21:55 GMT until Sat, 05 Feb 2011
- Issuer: Equifax Secure Certificate Authority, Equifax, US
- Fingerprint: ea:d1:3e:01:cc:16:e9:9b:c2:ab:4b:0c:cc:26:5f:25:78:ea:
(R)eject, accept (t)emporarily or accept (p)ermanently? t
Perhaps you need to install the certificate on your machine manually?
There's a section in the docs about “Client Credentials Caching” that
There is also a not about forcing clients to trust a particular CA (http://svnbook.red-bean.com/en/1.5/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.sslcerts
Your runtime servers file also gives you the ability to make your
Subversion client automatically trust specific CAs, either globally or
on a per-host basis. Simply set the ssl-authority-files variable to a
semicolon-separated list of PEM-encoded CA certificates:
I hope all this helps.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the talk