[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn ls https://... results in "The certificate has an unknown error"

From: Erik Wasser <erik.wasser_at_iquer.net>
Date: Fri, 6 Nov 2009 10:33:26 +0100

Hello list,

I'm crossposting this from the gentoo forum
"http://forums.gentoo.org/viewtopic-t-801013.html"

Subject: svn https:// results in The certificate has an unknown error

I've got 2 boxes of gentoo here, running nearly the same software. In this
case apr-1.3.9, apr-util-1.3.9, neon-0.29.0, gnutls-2.8.4 and subversion-1.6.5
with the same use flags.

Running a simple "ls" over https:// command at work works fine:

% svn ls https://dev.int.example.net/
Error validating server certificate for 'https://dev.int.example.net:443':
 - The certificate hostname does not match.
Certificate information:
 - Hostname: *.example.net
 - Valid: from Mon, 11 Jun 2007 00:00:00 GMT until Wed, 15 Sep 2010 23:59:59
GMT
 - Issuer: Comodo CA Limited, Salford, Greater Manchester, GB
 - Fingerprint: d2:d6:76:ee:7c:b1:87:ce:28:6a:0e:eb:c5:03:87:30:cf:1d:a7:b9
(R)eject, accept (t)emporarily or accept (p)ermanently?

I can accept the certificate forever and that's fine. No more questions for
me.

Running the same command at home brings me to this:

% svn ls https://dev.int.example.net/
Error validating server certificate for 'https://dev.int.example.net:443':
 - The certificate hostname does not match.
 - The certificate has expired.
 - The certificate has an unknown error.
Certificate information:
 - Hostname: *.example.net
 - Valid: from Mon, 11 Jun 2007 00:00:00 GMT until Wed, 15 Sep 2010 23:59:59
GMT
 - Issuer: Comodo CA Limited, Salford, Greater Manchester, GB
 - Fingerprint: d2:d6:76:ee:7c:b1:87:ce:28:6a:0e:eb:c5:03:87:30:cf:1d:a7:b9
(R)eject or accept (t)emporarily?

I've got 2 more error messages here and the option "'(p)ermanently" is
missing. Why's that? Caused by what? Removing the ~/.subversion doesn't help.

I've done some testing with "strace -fF -e trace=file svn ls $URL" to figure
out what files will be used. The only filename that got something todo with
SSL was "/etc/ssl/certs/ca-certificates.crt". And that file was the same on
both servers.

What I'm missing here? How do I solve this problem? What else can I try to
narrow down the problem?

-- 
So long... Fuzz
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2415043
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-11-06 10:38:28 CET

This is an archived mail posted to the Subversion Users mailing list.