The problem is that cacert.org breaks svn over https for some projects that use cacert since an update to neon for gnutls disables certs with md5 for security, at least if I understand the problem correctly.
Our work around was to tell everyone to add an option to not trust the ~/.subversion/servers file ("ssl-trust-default-ca = no"), but it would be nice if this just worked "out of the box" for people with the latest security updates in ubuntu.
Is there any reason why this hasn't been fixed yet? Or is fix for cacert in this bug something else? (if so, apologies, I will report a separate bug).
I think this bug is affecting me at least in 12.04:
# openssl x509 -text -in /usr/share/ ca-certificates /cacert. org/cacert. org.crt | grep Signature ption ption
Signature Algorithm: md5WithRSAEncry
Signature Algorithm: md5WithRSAEncry
The problem is that cacert.org breaks svn over https for some projects that use cacert since an update to neon for gnutls disables certs with md5 for security, at least if I understand the problem correctly.
Our work around was to tell everyone to add an option to not trust the ~/.subversion/ servers file ("ssl-trust- default- ca = no"), but it would be nice if this just worked "out of the box" for people with the latest security updates in ubuntu.
Is there any reason why this hasn't been fixed yet? Or is fix for cacert in this bug something else? (if so, apologies, I will report a separate bug).
Thanks o/