From owner-freebsd-ports@freebsd.org Wed Aug 5 20:21:41 2015 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1DCF29B4DD9 for ; Wed, 5 Aug 2015 20:21:41 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from tensor.andric.com (tensor.andric.com [IPv6:2001:7b8:3a7:1:2d0:b7ff:fea0:8c26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "tensor.andric.com", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D4C1EFE4 for ; Wed, 5 Aug 2015 20:21:40 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from [172.16.103.6] (unknown [77.95.97.98]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 7E7AB2560B; Wed, 5 Aug 2015 22:21:36 +0200 (CEST) Subject: Re: Unable to relocate to new svn URL Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\)) Content-Type: multipart/signed; boundary="Apple-Mail=_E69E711E-CBDC-4C4A-B910-064AD851081F"; protocol="application/pgp-signature"; micalg=pgp-sha1 X-Pgp-Agent: GPGMail 2.5 From: Dimitry Andric In-Reply-To: Date: Wed, 5 Aug 2015 22:21:24 +0200 Cc: Peter Wemm , FreeBSD Ports ML Message-Id: References: To: Kevin Oberman X-Mailer: Apple Mail (2.2102) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Aug 2015 20:21:41 -0000 --Apple-Mail=_E69E711E-CBDC-4C4A-B910-064AD851081F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 05 Aug 2015, at 22:05, Kevin Oberman wrote: >=20 > Today I decided to relocate my ports source from the old specific = mirror to > the new svn.freebsd.org. Seemed like just one easy command, but not = quite. >=20 > First, if subversion is built with the default options, it will refuse = to > do https:// with the confusing message that the URL format was not > recognized. I checked and my svn was notbuilt with SASL. SASL is not = on by > default. So I rebuilt subversion and now it likes the command, but = won't > accept the certificate: > Error validating server certificate for 'https://svn.freebsd.org:443': > - The certificate is not issued by a trusted authority. Use the > fingerprint to validate the certificate manually! > Certificate information: > - Hostname: svn.freebsd.org > - Valid: from Jun 22 00:00:00 2015 GMT until Jun 22 23:59:59 2016 GMT > - Issuer: Gandi, Paris, Paris, FR > - Fingerprint: = E9:37:73:80:B5:32:1B:93:92:94:98:17:59:F0:FA:A2:5F:1E:DE:B9 > (R)eject, accept (t)emporarily or accept (p)ermanently? >=20 > Indeed, it does not appear that Gandi is on the certificate.txt. file > installed by ca_root_nss. Not directly, the Gandi Standard SSL CA 2 certificate is issued by the following root CA: Serial Number: 01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d Subject: C=3DUS, ST=3DNew Jersey, L=3DJersey City, O=3DThe USERTRUST = Network, CN=3DUSERTrust RSA Certification Authority > Is this a problem with the ca_root_nss port, the certificate, of is > something hacked? Clearly, I am not about to trust the certificate as = it > now stands. Which version of ca_root_nss do you have? Mine is 3.19.1_1, and it definitely has the above root CA in /etc/ssl/cert.pem. -Dimitry --Apple-Mail=_E69E711E-CBDC-4C4A-B910-064AD851081F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.27 iEYEARECAAYFAlXCcE8ACgkQsF6jCi4glqPXrwCfRnLQSacOqx1vtb4d3HJb+dq2 ZyYAn0CCIyYAs2UbDawVv9S2gbRPe0gy =c4Nk -----END PGP SIGNATURE----- --Apple-Mail=_E69E711E-CBDC-4C4A-B910-064AD851081F--