[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Trusting server certs and --non-interactive SSL access

From: Daniel L. Rall <dlr_at_finemaltcoding.com>
Date: 2005-09-23 21:33:42 CEST

On Fri, 23 Sep 2005, Mark Phippard wrote:

> "Daniel L. Rall" <dlr@finemaltcoding.com> wrote on 09/23/2005 03:08:23 PM:
> > Assuming that I haven't already permanently trusted a SVN server
> accessed
> > over ra_dav/SSL (and haven't manipulated ~/.subversion/auth/), I see:
> >
> > $ svn --non-interactive ls --password=***
> https://svn.collab.net/repos/svn/
> > subversion/libsvn_ra_dav/util.c:826: (apr_err=175002)
> > svn: PROPFIND request failed on '/repos/svn/trunk'
> > subversion/libsvn_ra_dav/util.c:296: (apr_err=175002)
> > svn: PROPFIND of '/repos/svn/trunk': Server certificate verification
> failed:
> > issuer is not trusted (https://svn.collab.net)
> >
> > svn is apparently taking the --non-interactive as an indication that it
> > should fail when the cert server hasn't already been accepted as
> trusted.
> >
> > I have a situation where I _know_ the server's cert is trusted, and the
> > invocation of svn is programmatic (thus the --non-interactive). Any
> > recommendations on avoiding the fail-fast behavior?
> I do not know if it applies, but I recalled similar threads and found
> this.
> http://svn.haxx.se/dev/archive-2005-03/0046.shtml

Thanks for the pointer Mark, that is very similar to what I'm seeing. The
main difference is that I know of no --trust-server-cert flag which will
avoid a failure (along the lines of passing -m or -F as suggested in that

Surely someone else must've run into this use case before?

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Sep 23 21:34:37 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.