HTTPS with Serf: Certificate untrusted?

[Joel Low <jo...@joelsplace.sg>]

Hello, I was recently trying to check out my source tree from Sourceforge over HTTPS with Serf, and Subversion (command line client, TortoiseSVN was affected too) complained that the certificate the server presented was not trusted. I added the root cert to ssl-authority-files in servers, to no effect. Switching over to Neon made the prompts go away (even with the ssl-authority-files directive commented out).

Am I missing something, or should the behaviour between the two RA layers be the same?

Regards,
Joel

RE: HTTPS with Serf: Certificate untrusted?

[Bert Huijben <be...@qqmail.nl>]

> -----Original Message-----
> From: Joel Low [mailto:joel@joelsplace.sg]
> Sent: donderdag 8 maart 2012 14:08
> To: users@subversion.apache.org
> Subject: HTTPS with Serf: Certificate untrusted?
> 
> Hello, I was recently trying to check out my source tree from Sourceforge
over
> HTTPS with Serf, and Subversion (command line client, TortoiseSVN was
> affected too) complained that the certificate the server presented was not
> trusted. I added the root cert to ssl-authority-files in servers, to no
effect.
> Switching over to Neon made the prompts go away (even with the
ssl-authority-
> files directive commented out).
> 
> Am I missing something, or should the behaviour between the two RA layers
be
> the same?

Serf reports a generic failure on some certificate errors, where neon
reports an authority untrusted.

Subversion only allows saving certificates as accepted for explicit errors
like out of date or authority untrusted.

When the certificate processing in the serf library is fixed Subversion will
automatically work as expected.

	Bert
> 
> Regards,
> Joel