[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature request: argument to accept not trusted certificate when using --non-interactive

From: Daniel Rall <dlr_at_collab.net>
Date: 2007-02-06 23:35:53 CET

On Sun, 04 Feb 2007, Avalon wrote:

> Hello,
>
> the described problem has already been discussed - with no solution - in
> the thread
> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=105743 and
> a related issue http://subversion.tigris.org/issues/show_bug.cgi?id=2597
>
> When using subversion from a script with --non-interactive and a
> ssl-server with a self-signed certificate the certificate verification
> fails because the issuer is not trusted.
>
> The described workarounds to:
> - interactively accept the certificate once permanently
> - add the certificate to the "accepted" list
> are unfortunately not feasible in some scenarios.
>
> Is their any way to get an additional argument like
> "--trust-server-cert" or do the developers think relaxing the security
> in that way is a no-go?

I am very much in favor of some support for untrusted certificates.

I currently use a patched version of Subversion in my company's
product to work around this limitation. I do not find having to patch
Subversion to be an acceptable work-around for this (valid) use case.

- Dan

  • application/pgp-signature attachment: stored
Received on Tue Feb 6 23:36:03 2007

This is an archived mail posted to the Subversion Dev mailing list.