Hi, The same question has been asked in the TortoiseSVN group (see https://groups.google.com/g/tortoisesvn/c/cVUXqh8VMh0)
I have answered in detail there and I suggest to continue the discussion there if related to solving the current incident. In short: The server is providing two different certificate chains and the client is looking at the wrong one (which is expired). After a restart the server is only serving the non-expired chain and the clients accept the connection. Thomas & Matthew, any chance you can check the chains provided from your servers and possibly do a reboot and report back if this solves the problem? Any followup discussion related to how/why TortoiseSVN is looking at the wrong certificate chain should of course stay in this group. Kind regards Daniel torsdag 30 september 2021 kl. 20:54:31 UTC+2 skrev Thomas Åkesson: > To clarify, the TortoiseSVN use of Wincrypt seems ok but we have reports > of failures from SVNKit / Java on 20H2. > > Regards, > Thomas Å. > > > > On 30 Sep 2021, at 19:02, TortoiseSVN-dev <[email protected]> > wrote: > > Hi, > > We are recently getting various reports from our users after upgrade to > 20H2. > > We have both TortoiseSVN users and another component using SVNKit. I have > no conclusions yet regarding the CAPI interface but there are also issue > related to Wincrypt APIs. > > I am not entirely sure if TortoiseSVN is using CAPI APIs for the trust > store (but it is used if you have a client cert in the Windows-MY storage). > I suspect Tortoise will fall back to its internal trust store (let’s > encrypt missing) if the attempt to query the OS APIs fail on 20H2. > > Regards, > /Thomas Å. > > On 30 Sep 2021, at 18:21, TortoiseSVN-dev <[email protected]> > wrote: > > > Hi Daniel, > > On Thu, Sep 30, 2021 at 12:14 PM Daniel Sahlberg via TortoiseSVN-dev < > [email protected]> wrote: > >> What version of TortoiseSVN are you using and what version of Windows? >> >> I also have a Let's Encrypt certificate and I don't get the same warning. >> > > This is TortoiseSVN 1.14.1 on Windows 10 20H2 (x64). Firefox and even > Internet Explorer work (I can browse the repository on the web with the > pages that mod_dav_svn generates). > > Best regards, > Matt > > -- > You received this message because you are subscribed to the Google Groups > "TortoiseSVN-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tortoisesvn-dev/CAGUBAKXRz7AJzB1g7V6S6ZHZ4O26zOpuiH4rQeZTuvg3FtexAQ%40mail.gmail.com > > <https://groups.google.com/d/msgid/tortoisesvn-dev/CAGUBAKXRz7AJzB1g7V6S6ZHZ4O26zOpuiH4rQeZTuvg3FtexAQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > > -- > You received this message because you are subscribed to the Google Groups > "TortoiseSVN-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/tortoisesvn-dev/5B8CB503-5CD5-4C81-8643-0BF292688E2C%40fastmail.fm > > <https://groups.google.com/d/msgid/tortoisesvn-dev/5B8CB503-5CD5-4C81-8643-0BF292688E2C%40fastmail.fm?utm_medium=email&utm_source=footer> > . > > > -- You received this message because you are subscribed to the Google Groups "TortoiseSVN-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn-dev/a63205b3-fd31-4455-b3b7-3bd7a208bd7dn%40googlegroups.com.
