
Problem with JavaHL accepting SSL certificates temporary

From: Mark Phippard <MarkP_at_softlanding.com>
Date: 2005-06-22 19:37:00 CEST

We have had a problem come up in Subclipse relating to accepting SSL
certificates. If the user takes the option (provided from JavaHL) to
accept the certificate temporarily, then only the initial request works.
Any subsequent requests to that server fail due to an invalid certificate.

In the best case scenario, some sort of temporary caching should be
performed as the "Temporary" option verbiage suggests. In the worst case
the user should be prompted every time. What is happening is that all
subsequent requests are acting as if they rejected the certificate, which
is worse than the worst case. This is the error you get:

org.tigris.subversion.javahl.ClientException: RA layer request failed
svn: PROPFIND request failed on '/repos/svn'
svn: PROPFIND of '/repos/svn': Server certificate verification failed:
issuer is not trusted (https://svn.collab.net)

I have attached a patch for the JavaHL test suite that demonstrates the
problem. It uses the Subversion SSL repository for the test, so if you
have already accepted that certificate you have to first remove it from
your configuration area to see the problem.

The attached patch contains 2 other changes, which you can ignore.

1) I changed the default repository type for the tests from BDB to fsfs.

2) There is a new merge test I added back during the 1.2 RC period when
there was a failure in JavaHL merge. I just haven't removed the test and
it is possible you might want to add it to the test suite.

Thanks

Mark


  • application/octet-stream attachment: d.patch
Received on Wed Jun 22 19:38:07 2005

This is an archived mail posted to the Subversion Dev mailing list.
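
The behaviour the message above asks for, as an added example that is not part of the original post, the attached patch, or the Subversion/JavaHL code: a "temporary" acceptance is remembered in memory for the current session, tied to the exact certificate that was shown, and never written to the configuration area. The class name, the prompt callback shape and the fingerprint strings are assumptions made for illustration; the three decision values mirror JavaHL's PromptUserPassword2 constants.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiFunction;

/** Hypothetical session-scoped cache for "accept temporarily" decisions. */
public class SessionTrustCache {
    // Same values as PromptUserPassword2.Reject / AcceptTemporary / AcceptPermanently.
    public static final int REJECT = 0, ACCEPT_TEMPORARY = 1, ACCEPT_PERMANENTLY = 2;

    // server realm -> fingerprint of the certificate the user accepted this session
    private final Map<String, String> accepted = new ConcurrentHashMap<>();
    // (realm, fingerprint) -> user's decision; stands in for the UI prompt
    private final BiFunction<String, String, Integer> prompt;

    public SessionTrustCache(BiFunction<String, String, Integer> prompt) {
        this.prompt = prompt;
    }

    /** Returns true if a request to this realm may proceed with this certificate. */
    public boolean trust(String realm, String fingerprint) {
        // Reuse an earlier acceptance only if the certificate is byte-for-byte the same one.
        if (fingerprint.equals(accepted.get(realm))) {
            return true;
        }
        int decision = prompt.apply(realm, fingerprint);
        if (decision == REJECT) {
            accepted.remove(realm);          // drop any stale acceptance for this realm
            return false;
        }
        // Held in memory only; persisting a permanent acceptance is outside this sketch.
        accepted.put(realm, fingerprint);
        return true;
    }

    public static void main(String[] args) {
        int[] prompts = {0};
        BiFunction<String, String, Integer> ui = (r, fp) -> { prompts[0]++; return ACCEPT_TEMPORARY; };
        String realm = "https://svn.collab.net";
        String certA = "AA:AA:AA (constructed)", certB = "BB:BB:BB (constructed)";

        SessionTrustCache session = new SessionTrustCache(ui);
        boolean first = session.trust(realm, certA);   // user is prompted
        boolean second = session.trust(realm, certA);  // served from the session cache
        System.out.println("first=" + first + " second=" + second + " prompts=" + prompts[0]);

        session.trust(realm, certB);                   // different certificate: prompt again
        new SessionTrustCache(ui).trust(realm, certA); // new session: prompt again
        System.out.println("prompts after cert change and new session=" + prompts[0]);
    }
}
```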