Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
1.6.x
-
None
-
Linux
Description
subversion is not compatible with neon which configures with gnutls for SSL support( using gnutls default on rhel6/centos6). neon, since 0.29.0. Addd "NE_SSL_BADCHAIN" for SSL verification failure(value as 0x10). neon changelogs : "SSL verification failure bits extended by NE_SSL_BADCHAIN and NE_SSL_REVOKED" To subversion, could not remap this new failures values(0x18) if SSL certification chain is broken(eg. selfsign CA), and treats as SVN_AUTH_SSL_OTHER. However, there is no problem if neon configures openssl for SSL support, because there no check_chain_expiry() for openssl in neon。 how to reproduce: [chapmanou@warehouse ~]$ svn list https://xxxxx Error validating server certificate for 'https://xxxxx:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! - The certificate has an unknown error. Certificate information: - Hostname: xxxxx - Valid: from Mon, 10 Sep 2012 01:38:06 GMT until Wed, 10 Sep 2014 01:38:06 GMT - Issuer: xxxxx - Fingerprint: 65:a6:ef:7a:3a:3b:34:cb:78:4b:85:1f:0f:2f:d0:69:75:48:89:e9
Original issue reported by ochapman