[TxMt] Subversion-Bundle and https

[Rob McBroom]

On 2008-Apr-9, at 1:24 AM, Niels Kobschaetzki wrote:

> I have a repo to which I connect via https. The problem is that it
> uses a self-signed certificate and I to tell svn each time to trust
> the certificate (even so that I tell it to accept it permanently).

I had this problem with the svn server at work because it uses a cert  
signed by an internal Certificate Authority. Subversion is asking  
openssl if a cert is OK or not, so if you can convince openssl that  
it's OK, the rest of the system will like it. (And by "the rest of the  
system", I mean the unix stuff. Most GUI apps will use the keychain…  
unless it's a GUI app like TextMate or svnX that's calling unix  
commands in the background… but you get the idea.)

I was able to get it "trusted" (and eliminate the prompt) by copying  
our CA's cert (blah.pem) to /System/Library/OpenSSL/certs/ and running  
`sudo c_rehash`. I haven't tried this with just a self-signed cert,  
but the solution is probably similar.

And no, you're never ever supposed to touch anything in /System, but  
that's the only location I've found that openssl checks for certs.  
Apple places absolutely nothing in the certs directory when you  
install the OS, so I can only conclude that it is meant to be used by  
the local system admin. (Why else would it exist at all?) Perhaps  
someone will correct me.

---
Rob McBroom
<http://www.skurfer.com/>