TortoiseSVN 1.14.6 (64-bit) and ' Error Validating Server Certificate'

[TG FMS Account]

Hi All,

After version upgrade I have issue with internal SVN server which reports error in subject.

There is no option to permanently accept this certificate, only temporary and cancel.

After downgrade to 1.14.5 there is no error or warning.

It seems that only workaround for that is to edit servers config file.

Is this a bug or some new security feature not mentioned in change log?

[Daniel Sahlberg]

TortoiseSVN 1.14.5 was using OpenSSL 1.1.1m

TortoiseSVN 1.14.6 is using OpenSSL 3.2.0

The change was done since OpenSSL 1.1.1 is considered EOL from September 11th 2023.

Probably the certificate you are using is signed with an algorithm that is deprecated/removed in OpenSSL 3.2.0. Can you check the certificate and potentially update the certificate to a more modern algorithm?

Kind regards,

Daniel Sahlberg

[TG FMS Account]

Hi,

I don't think that this is the problem because you can temporary accept this cert and it's fine.

I'm reading this https://www.openssl.org/news/openssl-3.2-notes.html and found that:

• Support for using the Windows system certificate store as a source of trusted root certificates

  This is not yet enabled by default and must be activated using an environment variable. This is likely to become enabled by default in a future feature release.

Seems to me that it could be that because I have my enterprise CA on all PCs.

Regards,

K

[TG FMS Account]

Hi,

Found root cause: Verify return code: 67 (CA certificate key too weak)

CA that issued cert for SVN server was using 1024 bit key.

After renewing CA cert and renewing SVN server cert issue is fixed.

Thank you!

[Daniel Sahlberg]

Great, thanks for reporting back!

/Daniel