[TxMt] Subversion-Bundle and https
textmate at skurfer.com
Wed Apr 9 13:53:18 UTC 2008
On 2008-Apr-9, at 1:24 AM, Niels Kobschaetzki wrote:
> I have a repo to which I connect via https. The problem is that it
> uses a self-signed certificate and I to tell svn each time to trust
> the certificate (even so that I tell it to accept it permanently).
I had this problem with the svn server at work because it uses a cert
signed by an internal Certificate Authority. Subversion is asking
openssl if a cert is OK or not, so if you can convince openssl that
it's OK, the rest of the system will like it. (And by "the rest of the
system", I mean the unix stuff. Most GUI apps will use the keychain…
unless it's a GUI app like TextMate or svnX that's calling unix
commands in the background… but you get the idea.)
I was able to get it "trusted" (and eliminate the prompt) by copying
our CA's cert (blah.pem) to /System/Library/OpenSSL/certs/ and running
`sudo c_rehash`. I haven't tried this with just a self-signed cert,
but the solution is probably similar.
And no, you're never ever supposed to touch anything in /System, but
that's the only location I've found that openssl checks for certs.
Apple places absolutely nothing in the certs directory when you
install the OS, so I can only conclude that it is meant to be used by
the local system admin. (Why else would it exist at all?) Perhaps
someone will correct me.
More information about the textmate