<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Jun 30, 2010, at 5:31 PM, Mark Saad wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>All<br> I just upgraded my pkgsrc to 2010Q1 to get a newer svn binary installed and to <br>convert to 64bit binaries.<br>After upgrading I cant check out sources from a https subversion server. I keep <br>getting this openssl error<br><br><br># svn co <a href="https://vim.svn.sourceforge.net/svnroot/vim/vim7">https://vim.svn.sourceforge.net/svnroot/vim/vim7</a><br>svn: OPTIONS of '<a href="https://vim.svn.sourceforge.net/svnroot/vim/vim7'">https://vim.svn.sourceforge.net/svnroot/vim/vim7'</a>: SSL <br>handshake failed: SSL error: block type is not 01 <br>(<a href="https://vim.svn.sourceforge.net">https://vim.svn.sourceforge.net</a>)<br><br><br>I am using the following versions <br><br>neon-0.29.3 <br>apr-1.3.9 <br>apr-util-1.3.9 <br>subversion-base-1.6.9nb1<br><br>openssl-0.9.8mnb2<br><br><br>I googled around and people are saying you need to update the cert on the <br>subversion server. While this is find when you have access to it. In this case , <br>and may others I do not have access. Does anyone know what the issue is and if <br>there is client side solution ?<br><br><br><br> --<br>Mark Saad<br><a href="mailto:mark.saad@ymail.com">mark.saad@ymail.com</a></div></blockquote><br></div><div>Mark,</div><div><br></div><div>On my machine I get the following and was able to checkout the code. </div><div><br></div><div><div><span class="Apple-tab-span" style="white-space:pre"> </span>thoth:Projects mikel$ svn co <a href="https://vim.svn.sourceforge.net/svnroot/vim/vim7">https://vim.svn.sourceforge.net/svnroot/vim/vim7</a></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Error validating server certificate for '<a href="https://vim.svn.sourceforge.net:443'">https://vim.svn.sourceforge.net:443'</a>:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> - The certificate is not issued by a trusted authority. Use the</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> fingerprint to validate the certificate manually!</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Certificate information:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> - Hostname: *.svn.sourceforge.net</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> - Valid: from Mon, 04 Jan 2010 20:21:55 GMT until Sat, 05 Feb 2011 15:03:23 GMT</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> - Issuer: Equifax Secure Certificate Authority, Equifax, US</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> - Fingerprint: ea:d1:3e:01:cc:16:e9:9b:c2:ab:4b:0c:cc:26:5f:25:78:ea:89:b4</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>(R)eject, accept (t)emporarily or accept (p)ermanently? t</div><div><br></div><div>Perhaps you need to install the certificate on your machine manually?</div><div><br></div><div>There's a section in the docs about <a href="http://svnbook.red-bean.com/en/1.5/svn.serverconfig.netmodel.html%23svn.serverconfig.netmodel.credcache">“Client Credentials Caching”</a> that may help.</div><div><br></div><div>There is also a not about forcing clients to trust a particular CA (<a href="http://svnbook.red-bean.com/en/1.5/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.sslcerts">http://svnbook.red-bean.com/en/1.5/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.sslcerts</a>).</div><div><br></div><div><span class="Apple-style-span" style="font-family: serif; ">Your runtime <code class="filename" style="font-family: serif; font-style: italic; ">servers</code> file also gives you the ability to make your Subversion client automatically trust specific CAs, either globally or on a per-host basis. Simply set the <code class="literal">ssl-authority-files</code> variable to a semicolon-separated list of PEM-encoded CA certificates:</span></div><div><br></div><div>I hope all this helps.</div><div><br></div><div>Cheers,</div><div>Mikel</div><div><br></div></div></body></html>