Great, thanks for reporting back! /Daniel
fredag 5 januari 2024 kl. 09:44:24 UTC+1 skrev TG FMS Account: > Hi, > > Found root cause: Verify return code: 67 (CA certificate key too weak) > > CA that issued cert for SVN server was using 1024 bit key. > After renewing CA cert and renewing SVN server cert issue is fixed. > > Thank you! > Dana četvrtak, 4. siječnja 2024. u 14:57:51 UTC+1 korisnik TG FMS Account > napisao je: > >> Hi, >> >> I don't think that this is the problem because you can temporary accept >> this cert and it's fine. >> >> I'm reading this https://www.openssl.org/news/openssl-3.2-notes.html and >> found that: >> >> >> - >> >> Support for using the Windows system certificate store as a source of >> trusted root certificates >> >> This is not yet enabled by default and must be activated using an >> environment variable. This is likely to become enabled by default in a >> future feature release. >> >> Seems to me that it could be that because I have my enterprise CA on all >> PCs. >> >> Regards, >> K >> >> Dana četvrtak, 4. siječnja 2024. u 13:30:11 UTC+1 korisnik Daniel >> Sahlberg napisao je: >> >>> torsdag 4 januari 2024 kl. 13:05:32 UTC+1 skrev TG FMS Account: >>> >>> Hi All, >>> >>> After version upgrade I have issue with internal SVN server which >>> reports error in subject. >>> There is no option to permanently accept this certificate, only >>> temporary and cancel. >>> >>> After downgrade to 1.14.5 there is no error or warning. >>> It seems that only workaround for that is to edit servers config file. >>> >>> Is this a bug or some new security feature not mentioned in change log? >>> >>> >>> TortoiseSVN 1.14.5 was using OpenSSL 1.1.1m >>> TortoiseSVN 1.14.6 is using OpenSSL 3.2.0 >>> >>> The change was done since OpenSSL 1.1.1 is considered EOL from September >>> 11th 2023. >>> >>> Probably the certificate you are using is signed with an algorithm that >>> is deprecated/removed in OpenSSL 3.2.0. Can you check the certificate and >>> potentially update the certificate to a more modern algorithm? >>> >>> Kind regards, >>> Daniel Sahlberg >>> >> -- You received this message because you are subscribed to the Google Groups "TortoiseSVN" group. To unsubscribe from this group and stop receiving emails from it, send an email to tortoisesvn+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn/d1770b2b-70d9-4ed3-8b10-0e7c40b1723dn%40googlegroups.com.
