From users-return-20989-apmail-subversion-users-archive=subversion.apache.org@subversion.apache.org Mon Mar 3 22:49:47 2014 Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3B2CE1068D for ; Mon, 3 Mar 2014 22:49:47 +0000 (UTC) Received: (qmail 43248 invoked by uid 500); 3 Mar 2014 22:49:46 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 43196 invoked by uid 500); 3 Mar 2014 22:49:46 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 43189 invoked by uid 99); 3 Mar 2014 22:49:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Mar 2014 22:49:46 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of lieven.govaerts@gmail.com designates 209.85.213.171 as permitted sender) Received: from [209.85.213.171] (HELO mail-ig0-f171.google.com) (209.85.213.171) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Mar 2014 22:49:39 +0000 Received: by mail-ig0-f171.google.com with SMTP id hl1so6418843igb.4 for ; Mon, 03 Mar 2014 14:49:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=YOk07NM99oQpDPMZ0HhdncGPI1HzCSX+fC37OKDzjBo=; b=X5O0g5mcKWKKnlGhCXyZ6MUcvM6l2YzITYpzp6exAap0cBlWb1G5q5nkd6XXJ+WanT ZRPB5awYdI2veHwxD6FfQ6dDHDJd8QmwYtj0cvtY3VmRhJbq9LhNgph8DXoynufX3t1K gnT+8kSxWk5PUcMVVVKEVgWmSGi+dm9YT/cmRufj817Dcn+edBi2pt79PwZIVA7Dr9II DBJhsd66p+JCSXEPeMXDiEYlaLJ2fPxy9dtV5qC/aO6llcOFNFDlua0ARREKly1u/qqX 9EN0ZHWkx2IXKfttt8O1VvHOKffYNKQ70b+ySWRbYe6vEsNfh0nWGAqq6emdgpUNQ3nV YxrA== X-Received: by 10.43.146.69 with SMTP id jx5mr27969143icc.42.1393886958674; Mon, 03 Mar 2014 14:49:18 -0800 (PST) MIME-Version: 1.0 Sender: lieven.govaerts@gmail.com Received: by 10.50.181.231 with HTTP; Mon, 3 Mar 2014 14:48:58 -0800 (PST) In-Reply-To: <53115CB0.3040207@gmail.com> References: <53115CB0.3040207@gmail.com> From: Lieven Govaerts Date: Mon, 3 Mar 2014 23:48:58 +0100 X-Google-Sender-Auth: 7QIZQRid-ZuugUS0qJ8vjRh1gWI Message-ID: Subject: Re: Update from 1.8.5 to 1.8.8 breaks my self-signed numeric IP certificate To: Daniel Widdis Cc: "users@subversion.apache.org" Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Hi Daniel, On Sat, Mar 1, 2014 at 5:06 AM, Daniel Widdis wrote: > I recently upgraded from 1.8.5 to 1.8.8 via macports. The new version > refused to permanently accept my self-signed certificate, citing an "unknown > error". > > Certificates generated on Windows 2008 Server using VisualSVN 2.7.4. > > Hostname is a numeric IP on a VPN (192.168.100.59) > > Client is Mac OS X 10.9.1 (Mavericks) with svn installed via Macports: > subversion @1.8.5_1+universal (active) <---- this setup works > subversion @1.8.8_0+no_bdb+universal <---- this setup fails > > Under 1.8.8: > $ svn update > Updating '.': > Error validating server certificate for 'https://192.168.100.59:443': > - The certificate has an unknown error. > Certificate information: > - Hostname: 192.168.100.59 > - Valid: from Mar 1 02:21:16 2014 GMT until Feb 27 02:21:16 2024 GMT > - Issuer: > - Fingerprint: BE:C4:65:B6:0E:BD:5C:EE:F4:DB:A9:E1:EB:AE:B6:BC:43:F2:E7:5E > (R)eject or accept (t)emporarily? t > At revision 46. Could you send: - the output of: $ openssl s_client -connect 192.168.100.59:443 - and/or create a self signed key + cert using your method that fails with svn 1.8.8 ? This should give us the necessary extra info to simulate your issue. Note: since you're using a self signed certificate this log/key-cert pair shouldn't contain any private info, but if you prefer you can send them to me privately. > Under 1.8.5 with no other changes: > $ svn update > Updating '.': > At revision 46. > regards, Lieven