Bug 502451 - X509v1 CA certificate is not trusted
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: neon
Version: 10
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Fedora Extras Quality Assurance
Duplicates: 494350
 
Reported: 2009-05-25 11:04 UTC by Bjorge Solli
Modified: 2009-09-01 12:57 UTC

Fixed In Version: 0.28.6-1.fc10
Doc Type: Bug Fix
Last Closed: 2009-08-20 20:59:32 UTC
Type: ---

Description Bjorge Solli 2009-05-25 11:04:47 UTC
Description of problem:
The subversion is missing a large ssl certificate authority; Educational CA, Cybertrust, BE. This works fine on other distros and even in RedHatEnterpriseServer 5.3. It also works fine in firefox on the same machines.

Version-Release number of selected component (if applicable):
subversion-1.5.4-3.x86_64
subversion-1.5.4-3.i386

Steps to Reproduce:
$ svn co https://subversion.uib.no/repos/test
Error validating server certificate for 'https://subversion.uib.no:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: subversion.uib.no
 - Valid: from Wed, 20 May 2009 12:37:17 GMT until Sun, 20 May 2012 12:37:17 GMT
 - Issuer: Educational CA, Cybertrust, BE
 - Fingerprint: b5:50:ee:5f:0b:85:5e:9d:20:5e:5d:45:92:19:67:31:ec:43:21:36
(R)eject, accept (t)emporarily or accept (p)ermanently?

Comment 1 Joe Orton 2009-05-25 19:30:52 UTC
There's a Cybertrust root in the F-11 ca-certificates.

Comment 2 Bjorge Solli 2009-05-25 21:13:41 UTC
Is it possible for you to update the F10 package too? I have 500 systems, many used by student programmers that use subversion. I don't see that I can manage to upgrade them all anytime soon. Is it possible to drop a file in /etc/pki/tls/certs to fix it or even install the F11 rpm?

Regards
Bjørge Solli
sysadm University of Bergen, Norway.

Comment 3 Fedora Update System 2009-05-27 10:03:37 UTC
ca-certificates-2009-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/ca-certificates-2009-1.fc10

Comment 4 Joe Orton 2009-05-27 10:05:22 UTC
Please try this build:

http://koji.fedoraproject.org/koji/buildinfo?buildID=103784

and report feedback either here or via the update tracker link in comment 3.

Comment 5 Fedora Update System 2009-05-28 08:17:57 UTC
ca-certificates-2009-1.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update ca-certificates'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-5649

Comment 6 Bjorge Solli 2009-05-29 06:22:47 UTC
I still get this error:

$ rpm -q ca-certificates
ca-certificates-2009-1.fc10.noarch
$ svn co https://subversion.uib.no/repos/test
Error validating server certificate for 'https://subversion.uib.no:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: subversion.uib.no
 - Valid: from Wed, 20 May 2009 12:37:17 GMT until Sun, 20 May 2012 12:37:17 GMT
 - Issuer: Educational CA, Cybertrust, BE
 - Fingerprint: b5:50:ee:5f:0b:85:5e:9d:20:5e:5d:45:92:19:67:31:ec:43:21:36
(R)eject, accept (t)emporarily or accept (p)ermanently? r
svn: OPTIONS of 'https://subversion.uib.no/repos/test': Server certificate verification failed: issuer is not trusted (https://subversion.uib.no)
$ uname -a
Linux it010240.klientdrift.uib.no 2.6.27.21-170.2.56.fc10.x86_64 #1 SMP Mon Mar 23 23:08:10 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

Comment 7 Joe Orton 2009-05-29 10:42:26 UTC
Thanks for testing this out.

The problem is in fact that the root CA you're using is an X509v1 cert, and such certs are not trusted by default in GnuTLS.

I've built an updated version of neon which fixes this issue and this works fine with your https://subversion.uib.no/ server (I hope that testing against that is OK).

http://koji.fedoraproject.org/koji/buildinfo?buildID=104029

Comment 8 Fedora Update System 2009-05-29 10:51:35 UTC
neon-0.28.4-1.1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/neon-0.28.4-1.1.fc10

Comment 9 Joe Orton 2009-05-29 11:00:22 UTC
Please leave feedback via the update system link above if this works for you.

Comment 10 Bjorge Solli 2009-05-29 11:07:48 UTC
Please test against our server, no problem.

Updating neon did the trick. Subversion now works fine against our svn repo.

Is it a bad thing that we use a v1 certificate? We are in the educational section in Norway and all educational institutions in Norway get their ssl certificates from the same place.

Comment 11 Joe Orton 2009-05-29 13:27:10 UTC
To be clear - it is the root CA using an X.509 v1 cert here, not the server cert you are using.  I don't think it's actively harmful to be using a v1 root cert.  

That particular root expires in only 2018 anyway, so, you'll migrate to some other root at some point ;)

Thanks for testing out the packages.
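
Added example (not part of the bug report, and not neon or GnuTLS code): the X.509 version that separates the v1 root discussed in comments 7 and 11 from a v3 certificate can be read straight from the DER encoding, which lets an administrator list the v1 certificates in a PEM CA bundle. The function names and the two skeleton certificates below are constructed for illustration; the skeletons carry only the fields needed to show the version encoding.

```python
import base64
import re

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def x509_version(der):
    """Return the X.509 version (1, 2 or 3) of a DER-encoded certificate."""
    pos = 0
    for name in ("Certificate", "TBSCertificate"):
        tag, pos, _ = _read_tlv(der, pos)
        if tag != 0x30:
            raise ValueError(name + " is not a SEQUENCE")
    tag, pos, _ = _read_tlv(der, pos)        # first field of TBSCertificate
    if tag == 0x02:                          # serialNumber comes first: version omitted, so v1
        return 1
    if tag != 0xA0:                          # otherwise expect [0] EXPLICIT Version
        raise ValueError("unexpected first field in TBSCertificate")
    tag, start, end = _read_tlv(der, pos)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    return int.from_bytes(der[start:end], "big") + 1   # encoded 0/1/2 means v1/v2/v3

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def v1_certs_in_bundle(pem_bytes):
    """Return the positions (0-based) of X.509 v1 certificates in a PEM bundle."""
    ders = (base64.b64decode(m.group(1)) for m in PEM_RE.finditer(pem_bytes))
    return [i for i, der in enumerate(ders) if x509_version(der) == 1]

# Constructed sample input: DER skeletons (short-form lengths only), not real certificates.
def _der(tag, body):
    return bytes([tag, len(body)]) + body

def _pem(der):
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

V1_SKELETON = _der(0x30, _der(0x30, _der(0x02, b"\x01")))
V3_SKELETON = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")))
SAMPLE_BUNDLE = _pem(V3_SKELETON) + _pem(V1_SKELETON)
```

A v1 certificate has no extensions field, so it cannot carry a basicConstraints CA flag; passing the bytes of a real PEM CA bundle to `v1_certs_in_bundle` shows which roots fall into that category.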

Comment 12 Fedora Update System 2009-05-30 02:31:24 UTC
neon-0.28.4-1.1.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update neon'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-5675

Comment 13 Fedora Update System 2009-08-19 08:36:32 UTC
neon-0.28.6-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/neon-0.28.6-1.fc10

Comment 14 Fedora Update System 2009-08-20 20:59:27 UTC
neon-0.28.6-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Joe Orton 2009-09-01 12:57:23 UTC
*** Bug 494350 has been marked as a duplicate of this bug. ***

