X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=0.0 required=5.0 tests=BAYES_50,SPF_PASS
X-Spam-Check-By:	sourceware.org
References:	<8CC3B544DAEBC51-1530-14FCD AT webmail-d023 DOT sysops DOT aol DOT com>
To:	cygwin AT cygwin DOT com
Subject:	subversion issues with server certs in latest cygwin
Date:	Tue, 24 Nov 2009 14:59:14 -0500
X-AOL-IP:	192.1.118.102
In-Reply-To:	<8CC3B544DAEBC51-1530-14FCD@webmail-d023.sysops.aol.com>
X-MB-Message-Source:	WebUI
MIME-Version:	1.0
From:	wyndsayl AT aim DOT com
X-MB-Message-Type:	User
Message-Id:	<8CC3B57BB0D00A5-1530-15725@webmail-d023.sysops.aol.com>
X-AOL-SENDER:	wyndsayl AT aim DOT com
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

We have several people who have updated their cygwin setup in the last=20
month or so, and after doing so subversion no longer wants to connect=20
to our subversion server.=C2=A0=C2=A0 The server uses apache and ssl with o=
ur own=20
cert.=C2=A0 After upgrading the subversion client no longer ask the "this=
=20
cert is untrusted, do you still want to connect" question.

It should do this:

=C2=A0=C2=A0=C2=A0 $ svn ls https://myserver.com/svn/myproject
=C2=A0=C2=A0=C2=A0 Error validating server certificate for 'https://myserve=
r.com:443':
=C2=A0=C2=A0=C2=A0=C2=A0 - The certificate is not issued by a trusted autho=
rity. Use the
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fingerprint to validate the certificat=
e manually!
=C2=A0=C2=A0=C2=A0 Certificate information:
=C2=A0=C2=A0=C2=A0=C2=A0 - Hostname: myserver.com
=C2=A0=C2=A0=C2=A0=C2=A0 - Valid: from Thu, 08 Oct 2009 23:05:48 GMT until =
Sat, 08 Oct 2011=20
23:05:48 GMT
=C2=A0=C2=A0=C2=A0 (R)eject, accept (t)emporarily or accept (p)ermanently? p
=C2=A0=C2=A0=C2=A0 Authentication realm: <https://myserver.com:443>; myproj=
ect

Instead it does this:

=C2=A0=C2=A0=C2=A0 $ svn ls https://myserver.com/svn/myproject
=C2=A0=C2=A0=C2=A0 svn: OPTIONS of 'https://myserver.com/svn/myproject': SS=
L handshake=20
failed:
=C2=A0=C2=A0=C2=A0=C2=A0 SSL error: certificate verify failed (https://myse=
rver)

It also doesn't appear to access the already cached info since some of=20
these people were using subversion previous to the upgrade.

The only way to get it to connect to the server is to have the user=20
install the ca cert on their system, then things work.

This only seems to happen in cygwin.=C2=A0 If I install a regular windows=
=20
distribution on the system, from collabnet.com, it works fine.=C2=A0=20
Connecting using a browser works fine, asks to take the security risk=20
then continues on. It works from other systems (macs, netbsd, ubuntu)=20
so I don't believe that it has anything to do with the environment.=C2=A0

The same thing happens against multiple servers for various projects.=C2=A0=
=20
Our servers are using netbsd with:

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Apache/2.2.11 (Unix)=C2=A0 SVN/1=
.6.5=C2=A0 mod_ssl/2.2.11=C2=A0=20
OpenSSL/0.9.9-dev=C2=A0 DAV/2=C2=A0 mod_wsgi/2.5=C2=A0 Python/2.5.4

Any help would be appreciated, but I believe it's a problem with the=20
distribution since it's now very reproducible.




=20=20

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -