Internal SSL CA stopped working on Windows 7 / TSVN 1.9.7
Jan Hlavatý
Dec 4, 2017, 6:09:14 AM
to TortoiseSVN
After updating to the latest version of TSVN, my internal TLS CA stopped being recognized both in TSVN and in the bundled command-line svn. I am presented with this:
Error validating server certificate for '####hostname####': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually!
It looks like it cannot see the CA in the Windows trusted root CA certificate list anymore! It is still there, and it works fine, for example, in Internet Explorer. It was working fine before.
How can I fix/debug this?
Jan Hlavatý
Dec 4, 2017, 6:41:55 AM
to torto...@googlegroups.com
Tested the older 1.9.5, and it is broken the same way, which means it is probably caused by a recent Windows update ;(
Jan Hlavatý
Dec 4, 2017, 6:58:11 AM
to TortoiseSVN
Found a workaround:
Configure the list of CA certificates in %APPDATA%\Subversion\servers using the ssl-authority-files configuration parameter.
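The workaround described in the post above, written out as a servers file fragment. This is an added example, not part of the original post; the group name, host pattern and certificate path are placeholders chosen for illustration.

```ini
# %APPDATA%\Subversion\servers
# Added example: "internal", the host pattern and the file path are
# placeholders, not values from the thread.

[groups]
# Map a group name to the hostname pattern of the internal server.
internal = svn.internal.example

[internal]
# Semicolon-separated list of PEM-encoded CA certificate files.
# Placed in a server group, the extra CA is trusted only for hosts
# matching that group's pattern. Placing the same option under
# [global] would apply it to every server instead.
ssl-authority-files = C:/certs/internal-root-ca.pem
```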
Jan Hlavatý
Dec 4, 2017, 7:27:38 AM
to TortoiseSVN
Seems to be a problem with upstream svn; it happens with the CollabNet command-line build of svn too.
Jan Hlavatý
Dec 4, 2017, 9:33:13 AM
to TortoiseSVN
Found another workaround, server side.
Added the CA to the certificate file or CACertificateChainFile.
Adding roots of trust to the chain when there are no intermediate CAs is contrary to the best practices for TLS deployment as far as I know, but it seems to help.