[rhelv6-list] Subversion client with https and internal CA on RHEL6
Hugh Brown
hbrown at divms.uiowa.edu
Wed Feb 23 18:09:02 UTC 2011
On 02/23/2011 10:59 AM, Matthias Saou wrote:
> Hi,
>
> I can't seem to figure out the proper clean way to have the svn CLI
> client trust all https URLs using certificates signed by an internal
> CA. With RHEL5, it was easy :
>
> $ strace svn co https://myserver/repo/ 2>&1 | grep pki
> open("/etc/pki/tls/cert.pem", O_RDONLY) = 3
> open("/etc/pki/tls/cert.pem", O_RDONLY) = 3
> stat("/etc/pki/tls/certs/b903d65c.0", 0x7fff7f839980) = -1 ENOENT (No
> such file or directory)
>
> The SSL library being used looked for a CA certificate named after a
> hash specific to that certificate (which you got with openssl x509
> -hash -noout -in myca.crt). With RHEL6 this happens no more :
>
> $ strace svn co https://myserver/repo/ 2>&1 | grep pki
> open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = 4
> open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = 4
>
> Appending my CA's certificate to ca-bundle.crt works of course, but
> it's a much more fragile and less elegant solution. Does anyone know
> what the proper way is now?
>
> Matthias
>
In ~/.subversion/servers you can set ssl-authority-files to point at
your CAs cert in pem format
Hugh
--
System Administrator
University of Iowa DIVMS Support Group
hbrown at divms.uiowa.edu
Have a problem? Send mail to request at divms.uiowa.edu
More information about the rhelv6-list
mailing list