[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature request: argument to accept not trusted certificate when using --non-interactive

From: mark benedetto king <mbk_at_lowlatency.com>
Date: 2007-02-25 16:51:47 CET

On Tue, Feb 06, 2007 at 02:35:53PM -0800, Daniel Rall wrote:
> On Sun, 04 Feb 2007, Avalon wrote:
>
> > Hello,
> >
> > the described problem has already been discussed - with no solution - in
> > the thread
> > http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=105743 and
> > a related issue http://subversion.tigris.org/issues/show_bug.cgi?id=2597
> >
> > When using subversion from a script with --non-interactive and a
> > ssl-server with a self-signed certificate the certificate verification
> > fails because the issuer is not trusted.
> >
> > The described workarounds to:
> > - interactively accept the certificate once permanently
> > - add the certificate to the "accepted" list
> > are unfortunately not feasible in some scenarios.
> >
> > Is their any way to get an additional argument like
> > "--trust-server-cert" or do the developers think relaxing the security
> > in that way is a no-go?
>
> I am very much in favor of some support for untrusted certificates.
>
> I currently use a patched version of Subversion in my company's
> product to work around this limitation. I do not find having to patch
> Subversion to be an acceptable work-around for this (valid) use case.
>

Sorry to come so late to the thread, but can you give an example scenario
in which is it not feasible to accept the certificate once?

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 27 19:42:45 2007

This is an archived mail posted to the Subversion Dev mailing list.