I am running Subversion 1.6.17 as installed by MacPorts 1.9.2 on Mac OS X 10.6.7. What do I have to do to get Subversion to recognize that the certificate we are using for Mac OS Forge *is* issued by a trusted authority? I want a solution that does not involve every MacPorts contributor having to see this message and press "p"; I want a solution that does not involve anyone seeing this message at all.
Do I have to somehow provide Subversion with a bundle of well-known trusted certificates? MacPorts includes the port curl-ca-bundle which installs a bundle of certs from Mozilla, and is used by the curl port to be able to access https sites. Can Subversion make use of that same bundle?
I use the binaries that Jeremy Whitlock provides and which you can
download at CollabNet. This is what I get:
Path: macports
URL: https://svn.macosforge.org/repository/macports
Repository Root: https://svn.macosforge.org/repository/macports
Repository UUID: d073be05-634f-4543-b044-5fe20cf6d1d6
Revision: 78307
Node Kind: directory
Last Changed Author: gwr...@macports.org
Last Changed Rev: 78307
Last Changed Date: 2011-05-02 15:33:44 -0400 (Mon, 02 May 2011)
His binaries use the OpenSSL that comes from Apple and that might be
the difference?
For MacPorts, I would think it would depend upon what is in:
/opt/local/etc/openssl
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
No, you don't. It hasn't been released yet.
You *might* be running a "Subversion 1.6.17 (dev build)" --- i.e.,
1.6.16 plus patches. It might say "1.6.17 (under development)" later if
a certain backport proposal (in STATUS) is approved.
I just assumed it is a typo.
Oops, I meant 1.6.16.
On Mon, 2 May 2011 at 16:17:26 Mark Phippard wrote:
> I use the binaries that Jeremy Whitlock provides and which you can
> download at CollabNet. This is what I get:
>
> $ svn info https://svn.macosforge.org/repository/macports
> Path: macports
> URL: https://svn.macosforge.org/repository/macports
> Repository Root: https://svn.macosforge.org/repository/macports
> Repository UUID: d073be05-634f-4543-b044-5fe20cf6d1d6
> Revision: 78307
> Node Kind: directory
> Last Changed Author: gwright_at_macports.org
> Last Changed Rev: 78307
> Last Changed Date: 2011-05-02 15:33:44 -0400 (Mon, 02 May 2011)
>
> His binaries use the OpenSSL that comes from Apple and that might be
> the difference?
>
> For MacPorts, I would think it would depend upon what is in:
>
> /opt/local/etc/openssl
All that's in there is what the openssl port put there:
$ port contents openssl | grep /etc
/opt/local/etc/openssl/misc/CA.pl
/opt/local/etc/openssl/misc/CA.sh
/opt/local/etc/openssl/misc/c_hash
/opt/local/etc/openssl/misc/c_info
/opt/local/etc/openssl/misc/c_issuer
/opt/local/etc/openssl/misc/c_name
/opt/local/etc/openssl/misc/tsget
/opt/local/etc/openssl/openssl.cnf
Perhaps related is this ticket which explains that the openssl port doesn't install any certificates:
https://trac.macports.org/ticket/19247
Which is apparently as the openssl developers intend it:
http://www.openssl.org/support/faq.html#USER16
Which is apparently why we have the curl-ca-bundle port to provide those root certificates for curl's use. But that doesn't help when not using curl (e.g. when using svn). What would we have to do to provide an openssl-global collection of root certificates?