On Wed, Jul 09, 2008 at 04:14:28PM +0100, Joe Orton wrote: > On Tue, Jul 08, 2008 at 12:03:15PM +1000, Paul Cuthbert wrote: > > Subversion 1.5.0 (and probably earlier) is unable to handle client > > PKCS#12 files that are generated using the Bouncy Castle cryptographic > > toolkit (Java version 139, see > > http://www.bouncycastle.org/latest_releases.html). These P12 files can > > be handled fine by Microsoft CAPI, Firefox and OS-X Keychain. > ... > > An example P12 file is attached, with certificate. The password is > > 'password'. To reproduce this issue, use this P12 to try and access any > > svn repository with client SSL enabled. You do not need to set up CA > > certificates, etc. because the issue occurs when svn tries to parse the > > P12. > > I think this is a bug in OpenSSL's PKCS12_parse(). Paul's cert is > attached and has a private key, a client cert, and a CA cert. > PKCS12_parse() is returning the private key and the CA cert as the > supposedly-matching client cert.
Attached the cert this time! joe
TestUser.p12
Description: Binary data
