[Bf-docboard] SVN SSL Certificate changes

Dan McGrath danmcgrath.ca at gmail.com
Fri Mar 29 22:10:44 CET 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey gang,

Just a heads up for some of you that may not have been around the coders
channel when it happened, but the certificate for the SVN server has been
updated. We are also now using a newer non-MD5 Class 3 Root from CAcert to
avoid a long standing hack that many (in Linux at least) needed in order to
use
subversion over SSL on systems with a newer neon27 GNU TLS library, which
was
patched to not trust MD5 signed certificates.

For those of you that edited your ~/.subversion/servers file to add
"ssl-trust-default-ca = no", you should now be able to remove that line and
use
SVN via SSL/HTTPS normally.

For those wondering, here is a copy of the new fingerprint and related info:

$ gnutls-cli svn.blender.org
Resolving 'svn.blender.org'...
Connecting to '82.94.213.217:443'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1020 bits
 - Peer's public key: 1017 bits
- Certificate type: X.509
 - Got a certificate list of 2 certificates.
 - Certificate[0] info:
  - subject `CN=svn.blender.org', issuer `O=CAcert Inc.,OU=
http://www.CAcert.org,CN=CAcert Class 3 Root', RSA key 2048 bits, signed
using RSA-SHA1, activated `2013-03-29 15:39:41 UTC', expires `2015-03-29
15:39:41 UTC', SHA-1 fingerprint `7a4d4433cf42273b8f225e1c11d120e5af824d3b'
 - Certificate[1] info:
  - subject `O=CAcert Inc.,OU=http://www.CAcert.org,CN=CAcert Class 3
Root', issuer `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing
Authority,EMAIL=support at cacert.org', RSA key 4096 bits, signed using
RSA-SHA256, activated `2011-05-23 17:48:02 UTC', expires `2021-05-20
17:48:02 UTC', SHA-1 fingerprint `ad7c3f64fc4439fef4e90be8f47c6cfa8aadfdce'
- The hostname in the certificate matches 'svn.blender.org'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed



Dan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJRVgKFAAoJEBERWpIPPWwUDnoP/jyHXY4KmApcJhmpzarhW8JS
Pp3/xfDA5yZ1WT26Tbo0uncQf4C+xrLg3Te6u9xC/3PQ7hPSgORyrelozxLX+kj+
9zBog42huFyBeM4QmSayoyXV5d+aAbkzn4JLE9IyZeoQurEc7GJjawI465iQdy1n
cxH+sB3yZojyo2kMWkvP+mXFKplLeNM1ulC3utGz+4gyfSh6VJb3/+DAoOCkgUuW
UjyeVk54YltOD0ZTtKkXJv0qsA8SkaALSul+BoxiQGtJzaulMStgT8BwpiQeJbKl
VxlVjArqk+Bg9IApXFYZVMcEWybWI6TLEowEUnnIx1bAUKuKHDRFzRivm1ojiAvM
Tp/e5n4oHG2e+7e0xIFLOf01OY45v65xmTNC0UCc/cpc58FezzvWjo9lNnAcq7Fu
bM1UnSrRhp6Rfm398McYwS5yp8NqvxPNt2h/hOp3QQAbK+BGg7bRqa8E1cdnwsLa
mWdcMMuaLaZzniVsmfXImO1A0+gaxJYI/mHDPJnTPZdzBgWrOY2gG9n/eEC2XxZ6
dcbpDhTh5Ydd62oSKrIDJIwKnRVebR1XgEr79e5nN0l/k/Nm9+LAKV6oVLgnvJy1
NICFFtX+jAV5wqsyxsAA/wdGFo88MV7e+gVbOrX+GXmdTZczmlbTqbq+PSeX3L7U
doIoZp5G0pOT/QWi1oUs
=mr1j
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.blender.org/pipermail/bf-docboard/attachments/20130329/3fefb284/attachment.htm

More information about the Bf-docboard mailing list