[rhelv6-list] Subversion client with https and internal CA on RHEL6
Matthias Saou
thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net
Wed Feb 23 16:59:10 UTC 2011
Hi,
I can't seem to figure out the proper clean way to have the svn CLI
client trust all https URLs using certificates signed by an internal
CA. With RHEL5, it was easy :
$ strace svn co https://myserver/repo/ 2>&1 | grep pki
open("/etc/pki/tls/cert.pem", O_RDONLY) = 3
open("/etc/pki/tls/cert.pem", O_RDONLY) = 3
stat("/etc/pki/tls/certs/b903d65c.0", 0x7fff7f839980) = -1 ENOENT (No
such file or directory)
The SSL library being used looked for a CA certificate named after a
hash specific to that certificate (which you got with openssl x509
-hash -noout -in myca.crt). With RHEL6 this happens no more :
$ strace svn co https://myserver/repo/ 2>&1 | grep pki
open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = 4
open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = 4
Appending my CA's certificate to ca-bundle.crt works of course, but
it's a much more fragile and less elegant solution. Does anyone know
what the proper way is now?
Matthias
--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 14 (Laughlin) - Linux kernel 2.6.35.10-72.fc14.x86_64
Load : 0.00 0.04 0.11
More information about the rhelv6-list
mailing list