[nycbug-talk] OpenSSL 0.9.8m Issue

mikel king mikel.king at olivent.com
Wed Jun 30 21:20:47 EDT 2010

On Jun 30, 2010, at 5:31 PM, Mark Saad wrote:

> All
>  I just upgraded my pkgsrc to 2010Q1 to get a newer svn binary  
> installed and to
> convert to 64bit binaries.
> After upgrading I cant check out sources from a https subversion  
> server.  I keep
> getting this openssl error
> # svn co https://vim.svn.sourceforge.net/svnroot/vim/vim7
> svn: OPTIONS of 'https://vim.svn.sourceforge.net/svnroot/vim/vim7':  
> handshake failed: SSL error: block type is not 01
> (https://vim.svn.sourceforge.net)
> I am using the following versions
> neon-0.29.3
> apr-1.3.9
> apr-util-1.3.9
> subversion-base-1.6.9nb1
> openssl-0.9.8mnb2
> I googled around and people are saying you need to update the cert  
> on the
> subversion server. While this is find when you have access to it. In  
> this case ,
> and may others I do not have access.  Does anyone know what the  
> issue is and if
> there is client side solution ?
> --
> Mark Saad
> mark.saad at ymail.com


On my machine I get the following and was able to checkout the code.

	thoth:Projects mikel$ svn co https://vim.svn.sourceforge.net/svnroot/vim/vim7
	Error validating server certificate for 'https://vim.svn.sourceforge.net:443' 
	 - The certificate is not issued by a trusted authority. Use the
	   fingerprint to validate the certificate manually!
	Certificate information:
	 - Hostname: *.svn.sourceforge.net
	 - Valid: from Mon, 04 Jan 2010 20:21:55 GMT until Sat, 05 Feb 2011  
15:03:23 GMT
	 - Issuer: Equifax Secure Certificate Authority, Equifax, US
	 - Fingerprint: ea:d1:3e:01:cc:16:e9:9b:c2:ab:4b:0c:cc:26:5f:25:78:ea: 
	(R)eject, accept (t)emporarily or accept (p)ermanently? t

Perhaps you need to install the certificate on your machine manually?

There's a section in the docs about “Client Credentials Caching” that  
may help.

There is also a not about forcing clients to trust a particular CA (http://svnbook.red-bean.com/en/1.5/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.sslcerts 

Your runtime servers file also gives you the ability to make your  
Subversion client automatically trust specific CAs, either globally or  
on a per-host basis. Simply set the ssl-authority-files variable to a  
semicolon-separated list of PEM-encoded CA certificates:

I hope all this helps.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20100630/99d65da9/attachment.html>

More information about the talk mailing list