[TxMt] Subversion-Bundle and https

Rob McBroom textmate at skurfer.com
Wed Apr 9 13:53:18 UTC 2008

On 2008-Apr-9, at 1:24 AM, Niels Kobschaetzki wrote:

> I have a repo to which I connect via https. The problem is that it
> uses a self-signed certificate and I to tell svn each time to trust
> the certificate (even so that I tell it to accept it permanently).

I had this problem with the svn server at work because it uses a cert  
signed by an internal Certificate Authority. Subversion is asking  
openssl if a cert is OK or not, so if you can convince openssl that  
it's OK, the rest of the system will like it. (And by "the rest of the  
system", I mean the unix stuff. Most GUI apps will use the keychain…  
unless it's a GUI app like TextMate or svnX that's calling unix  
commands in the background… but you get the idea.)

I was able to get it "trusted" (and eliminate the prompt) by copying  
our CA's cert (blah.pem) to /System/Library/OpenSSL/certs/ and running  
`sudo c_rehash`. I haven't tried this with just a self-signed cert,  
but the solution is probably similar.

And no, you're never ever supposed to touch anything in /System, but  
that's the only location I've found that openssl checks for certs.  
Apple places absolutely nothing in the certs directory when you  
install the OS, so I can only conclude that it is meant to be used by  
the local system admin. (Why else would it exist at all?) Perhaps  
someone will correct me.

Rob McBroom

More information about the textmate mailing list