subversion issues with server certs in latest cygwin

wyndsayl@aim.com wyndsayl@aim.com
Tue Nov 24 22:09:00 GMT 2009 

We have several people who have updated their cygwin setup in the last 
month or so, and after doing so subversion no longer wants to connect 
to our subversion server.   The server uses apache and ssl with our own 
cert.  After upgrading the subversion client no longer ask the "this 
cert is untrusted, do you still want to connect" question.

It should do this:

    $ svn ls https://myserver.com/svn/myproject
    Error validating server certificate for 'https://myserver.com:443':
     - The certificate is not issued by a trusted authority. Use the
       fingerprint to validate the certificate manually!
    Certificate information:
     - Hostname: myserver.com
     - Valid: from Thu, 08 Oct 2009 23:05:48 GMT until Sat, 08 Oct 2011 
23:05:48 GMT
    (R)eject, accept (t)emporarily or accept (p)ermanently? p
    Authentication realm: <https://myserver.com:443>; myproject

Instead it does this:

    $ svn ls https://myserver.com/svn/myproject
    svn: OPTIONS of 'https://myserver.com/svn/myproject': SSL handshake 
failed:
     SSL error: certificate verify failed (https://myserver)

It also doesn't appear to access the already cached info since some of 
these people were using subversion previous to the upgrade.

The only way to get it to connect to the server is to have the user 
install the ca cert on their system, then things work.

This only seems to happen in cygwin.  If I install a regular windows 
distribution on the system, from collabnet.com, it works fine.  
Connecting using a browser works fine, asks to take the security risk 
then continues on. It works from other systems (macs, netbsd, ubuntu) 
so I don't believe that it has anything to do with the environment. 

The same thing happens against multiple servers for various projects.  
Our servers are using netbsd with:

        Apache/2.2.11 (Unix)  SVN/1.6.5  mod_ssl/2.2.11  
OpenSSL/0.9.9-dev  DAV/2  mod_wsgi/2.5  Python/2.5.4

Any help would be appreciated, but I believe it's a problem with the 
distribution since it's now very reproducible.




  

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list