On 2008-Apr-9, at 1:24 AM, Niels Kobschaetzki wrote:
I have a repo to which I connect via https. The problem is that it uses a self-signed certificate and I to tell svn each time to trust the certificate (even so that I tell it to accept it permanently).
I had this problem with the svn server at work because it uses a cert signed by an internal Certificate Authority. Subversion is asking openssl if a cert is OK or not, so if you can convince openssl that it's OK, the rest of the system will like it. (And by "the rest of the system", I mean the unix stuff. Most GUI apps will use the keychain… unless it's a GUI app like TextMate or svnX that's calling unix commands in the background… but you get the idea.)
I was able to get it "trusted" (and eliminate the prompt) by copying our CA's cert (blah.pem) to /System/Library/OpenSSL/certs/ and running `sudo c_rehash`. I haven't tried this with just a self-signed cert, but the solution is probably similar.
And no, you're never ever supposed to touch anything in /System, but that's the only location I've found that openssl checks for certs. Apple places absolutely nothing in the certs directory when you install the OS, so I can only conclude that it is meant to be used by the local system admin. (Why else would it exist at all?) Perhaps someone will correct me.
--- Rob McBroom http://www.skurfer.com/