You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Jehan PROCACCIA <Je...@it-sudparis.eu> on 2011/01/27 18:52:02 UTC
global SSL trust CA
hello,
since I configure my svn server in https , any time I do a co or ci I
get the server certificate presented and pompting me to accept it
temporarly or reject it.
To prevent that I set in ~/.subversion/servers
[global]
ssl-authority-files = /etc/pki/tls/certs/cachain.pem
Now, is there a way to allow that CA file globally to all users on the
machine, because I don't want to ask each and every of my 200 students
to edit their ~/.subversion/servers .
isn't there a global configuration file for that ?
Thanks .
Re: global SSL trust CA
Posted by Nico Kadel-Garcia <nk...@gmail.com>.
On Sat, Jan 29, 2011 at 11:46 AM, Stefan Sperling <st...@elego.de> wrote:
> On Fri, Jan 28, 2011 at 03:05:24PM +0100, Jehan PROCACCIA wrote:
>> Le 27/01/2011 20:04, Stefan Sperling a écrit :
>> >On Thu, Jan 27, 2011 at 06:52:02PM +0100, Jehan PROCACCIA wrote:
>> >>hello,
>> >>
>> >>since I configure my svn server in https , any time I do a co or ci
>> >>I get the server certificate presented and pompting me to accept it
>> >>temporarly or reject it.
>> >>To prevent that I set in ~/.subversion/servers
>> >>[global]
>> >>ssl-authority-files = /etc/pki/tls/certs/cachain.pem
>> >>
>> >>Now, is there a way to allow that CA file globally to all users on
>> >>the machine, because I don't want to ask each and every of my 200
>> >>students to edit their ~/.subversion/servers .
>> >>isn't there a global configuration file for that ?
>> >Yes, there is: /etc/subversion/servers
>> >
>> >Stefan
>> thanks , copying my ~/.subversion/servers to
>> /etc/subversion/servers seems to do the job .
>> I run an rpm base distrib ... should'nt that file be there by
>> default ? or I missed to install a package ?
>>
>> # rpm -qa | grep subversion
>> subversion-javahl-1.6.13-1.fc13.i686
>> subversion-1.6.13-1.fc13.i686
>> subversion-libs-1.6.13-1.fc13.i686
>> g
>>
>
> Wether that file exists by default is up to the packager.
> E.g. on OpenBSD it's present by default to configure svn to not
> store plaintext passwords by default.
I'll suggest it for the next RPMforge update, I've been submitting
Subversion there.
Any idea on when 1.6.16 would happen? Or the plan to go to 1.17.0 next?
Re: global SSL trust CA
Posted by Stefan Sperling <st...@elego.de>.
On Fri, Jan 28, 2011 at 03:05:24PM +0100, Jehan PROCACCIA wrote:
> Le 27/01/2011 20:04, Stefan Sperling a écrit :
> >On Thu, Jan 27, 2011 at 06:52:02PM +0100, Jehan PROCACCIA wrote:
> >>hello,
> >>
> >>since I configure my svn server in https , any time I do a co or ci
> >>I get the server certificate presented and pompting me to accept it
> >>temporarly or reject it.
> >>To prevent that I set in ~/.subversion/servers
> >>[global]
> >>ssl-authority-files = /etc/pki/tls/certs/cachain.pem
> >>
> >>Now, is there a way to allow that CA file globally to all users on
> >>the machine, because I don't want to ask each and every of my 200
> >>students to edit their ~/.subversion/servers .
> >>isn't there a global configuration file for that ?
> >Yes, there is: /etc/subversion/servers
> >
> >Stefan
> thanks , copying my ~/.subversion/servers to
> /etc/subversion/servers seems to do the job .
> I run an rpm base distrib ... should'nt that file be there by
> default ? or I missed to install a package ?
>
> # rpm -qa | grep subversion
> subversion-javahl-1.6.13-1.fc13.i686
> subversion-1.6.13-1.fc13.i686
> subversion-libs-1.6.13-1.fc13.i686
> g
>
Wether that file exists by default is up to the packager.
E.g. on OpenBSD it's present by default to configure svn to not
store plaintext passwords by default.
Stefan
Re: global SSL trust CA
Posted by Jehan PROCACCIA <Je...@it-sudparis.eu>.
Le 27/01/2011 20:04, Stefan Sperling a écrit :
> On Thu, Jan 27, 2011 at 06:52:02PM +0100, Jehan PROCACCIA wrote:
>> hello,
>>
>> since I configure my svn server in https , any time I do a co or ci
>> I get the server certificate presented and pompting me to accept it
>> temporarly or reject it.
>> To prevent that I set in ~/.subversion/servers
>> [global]
>> ssl-authority-files = /etc/pki/tls/certs/cachain.pem
>>
>> Now, is there a way to allow that CA file globally to all users on
>> the machine, because I don't want to ask each and every of my 200
>> students to edit their ~/.subversion/servers .
>> isn't there a global configuration file for that ?
> Yes, there is: /etc/subversion/servers
>
> Stefan
thanks , copying my ~/.subversion/servers to /etc/subversion/servers
seems to do the job .
I run an rpm base distrib ... should'nt that file be there by default ?
or I missed to install a package ?
# rpm -qa | grep subversion
subversion-javahl-1.6.13-1.fc13.i686
subversion-1.6.13-1.fc13.i686
subversion-libs-1.6.13-1.fc13.i686
Re: global SSL trust CA
Posted by Stefan Sperling <st...@elego.de>.
On Thu, Jan 27, 2011 at 06:52:02PM +0100, Jehan PROCACCIA wrote:
> hello,
>
> since I configure my svn server in https , any time I do a co or ci
> I get the server certificate presented and pompting me to accept it
> temporarly or reject it.
> To prevent that I set in ~/.subversion/servers
> [global]
> ssl-authority-files = /etc/pki/tls/certs/cachain.pem
>
> Now, is there a way to allow that CA file globally to all users on
> the machine, because I don't want to ask each and every of my 200
> students to edit their ~/.subversion/servers .
> isn't there a global configuration file for that ?
Yes, there is: /etc/subversion/servers
Stefan