X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=0.0 required=5.0 tests=BAYES_50,SPF_PASS X-Spam-Check-By: sourceware.org References: <8CC3B544DAEBC51-1530-14FCD AT webmail-d023 DOT sysops DOT aol DOT com> To: cygwin AT cygwin DOT com Content-Transfer-Encoding: quoted-printable Subject: subversion issues with server certs in latest cygwin Date: Tue, 24 Nov 2009 14:59:14 -0500 X-AOL-IP: 192.1.118.102 In-Reply-To: <8CC3B544DAEBC51-1530-14FCD@webmail-d023.sysops.aol.com> X-MB-Message-Source: WebUI MIME-Version: 1.0 From: wyndsayl AT aim DOT com X-MB-Message-Type: User Content-Type: text/plain; charset="utf-8"; format=flowed Received: from 192.1.118.102 by webmail-d023.sysops.aol.com (205.188.181.19) with HTTP (WebMailUI); Tue, 24 Nov 2009 14:59:14 -0500 Message-Id: <8CC3B57BB0D00A5-1530-15725@webmail-d023.sysops.aol.com> X-AOL-SENDER: wyndsayl AT aim DOT com X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com We have several people who have updated their cygwin setup in the last=20 month or so, and after doing so subversion no longer wants to connect=20 to our subversion server.=C2=A0=C2=A0 The server uses apache and ssl with o= ur own=20 cert.=C2=A0 After upgrading the subversion client no longer ask the "this= =20 cert is untrusted, do you still want to connect" question. It should do this: =C2=A0=C2=A0=C2=A0 $ svn ls https://myserver.com/svn/myproject =C2=A0=C2=A0=C2=A0 Error validating server certificate for 'https://myserve= r.com:443': =C2=A0=C2=A0=C2=A0=C2=A0 - The certificate is not issued by a trusted autho= rity. Use the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fingerprint to validate the certificat= e manually! =C2=A0=C2=A0=C2=A0 Certificate information: =C2=A0=C2=A0=C2=A0=C2=A0 - Hostname: myserver.com =C2=A0=C2=A0=C2=A0=C2=A0 - Valid: from Thu, 08 Oct 2009 23:05:48 GMT until = Sat, 08 Oct 2011=20 23:05:48 GMT =C2=A0=C2=A0=C2=A0 (R)eject, accept (t)emporarily or accept (p)ermanently? p =C2=A0=C2=A0=C2=A0 Authentication realm: ; myproj= ect Instead it does this: =C2=A0=C2=A0=C2=A0 $ svn ls https://myserver.com/svn/myproject =C2=A0=C2=A0=C2=A0 svn: OPTIONS of 'https://myserver.com/svn/myproject': SS= L handshake=20 failed: =C2=A0=C2=A0=C2=A0=C2=A0 SSL error: certificate verify failed (https://myse= rver) It also doesn't appear to access the already cached info since some of=20 these people were using subversion previous to the upgrade. The only way to get it to connect to the server is to have the user=20 install the ca cert on their system, then things work. This only seems to happen in cygwin.=C2=A0 If I install a regular windows= =20 distribution on the system, from collabnet.com, it works fine.=C2=A0=20 Connecting using a browser works fine, asks to take the security risk=20 then continues on. It works from other systems (macs, netbsd, ubuntu)=20 so I don't believe that it has anything to do with the environment.=C2=A0 The same thing happens against multiple servers for various projects.=C2=A0= =20 Our servers are using netbsd with: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Apache/2.2.11 (Unix)=C2=A0 SVN/1= .6.5=C2=A0 mod_ssl/2.2.11=C2=A0=20 OpenSSL/0.9.9-dev=C2=A0 DAV/2=C2=A0 mod_wsgi/2.5=C2=A0 Python/2.5.4 Any help would be appreciated, but I believe it's a problem with the=20 distribution since it's now very reproducible. =20=20 -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple