[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Add 'Error validating server' section in FAQ

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 31 May 2012 21:39:34 +0200

On Fri, Jun 01, 2012 at 12:20:23AM +0530, Jeyanthan wrote:
> Hi Team,
>
> I hereby attached a patch to add a question in FAQ section. I am
> hoping it helps some end users who encounters this client side
> 'Error validating server' issue.
>
> I believe the attached patch and log message is self explanatory.
> Please let me know if I have missed something important.
>
> [[[
>
> Added an entry to the FAQ section : For every Subversion operation,
> I get "Error validating server certificate" exception though I
> configure the SSL certificates correctly in the server.
>
> * subversion/site/publish/faq.html : Added an FAQ entry.
>
> Patch by: Jeyanthan Inbasekaran <jeyanthan{_AT_}collab.net>
>
> ]]]
>
> --
> Regards,
> Jeyanthan
>

Thanks for the patch! Review below.

> Index: faq.html
> ===================================================================
> --- faq.html (revision 1344429)
> +++ faq.html (working copy)
> @@ -266,6 +266,8 @@ a <tt>file:</tt> URL?</a></li>
> <li><a href="#ssl-error-336032856">When performing Subversion operations
> over SSL, I get the error <tt>SSL handshake failed: SSL error code
> -1/1/336032856</a></tt>
> +<li><a href="#Error-validating-server-certificate">For every Subversion operation, I get <tt>Error

Please don't use upper case letters in the 'href' link.

> +validating server certificate</tt> exception though I configure the SSL certificates correctly in the server.</a></li>
> <li><a href="#where-are-the-files">After importing files to my repository,
> I don't see them in the repository directory. Where are they?</a></tt>
> </a></li>

I'd suggest the following wording for this FAQ entry's title:

  I get an "Error validating server certificate" error even though SSL
  certificates are correctly configured on the server-side.

I wouldn't use the term "exception". We call them "errors" in other
FAQ entries. It would be nice to keep this consistent.

> @@ -4188,6 +4190,39 @@ See <a href="http://svn.haxx.se/dev/archive-2011-0
>
> </div>
>
> +<div class="h3" id="Error-validating-server-certificate">
> +<h3>For every Subversion operation, I get <tt>"Error validating server
> +certificate"</tt> exception though I configure the SSL certificates
> +correctly in the server. <a class="sectionlink" href="faq.html#Error-validating-server-certificate" title="Link to this section">&para;</a>
> +</h3>
> +<p>This error appears in the
> +clients if the certificate issuer is not recognized as 'Trusted'

Maybe:

"This error occurs if the certificate issuer ..."

> +by the SVN client

Full stop here?

And make the following the start of a new sentence?

> and will ask you whether you trust the certificate

Maybe say: "Subversion will ask you ...."

> and if you want to add this certificate.<br />

Maybe say "store" or "save", instead of "add"? Otherwise it's not clear
what the cert is being added to.

> +</p>
> +<p>
> +
> +</p>

Empty paragraph?

> +<pre style="margin-left: 40px;">$ svn info https://mysite.com/svn/repo<br />Error validating server certificate for 'https://mysite.com:443':<br />- The certificate is not issued by a trusted authority. Use the<br />fingerprint to validate the certificate manually!<br />Certificate information:<br />- Hostname: mysite.com<br />- Valid: from Wed, 18 Jan 2012 00:00:00 GMT until Fri, 18 Jan 2013<br />23:59:59 GMT<br />- Issuer: Google Inc, US<br />- Fingerprint:<br />34:4b:90:e7:e3:36:81:0d:53:1f:10:c0:4c:98:66:90:4a:9e:05:c9<br />(R)eject, accept (t)emporarily or accept (p)ermanently?</pre>

> +<p>
> +</p>

Empty paragraph?

> +<meta http-equiv="content-type" content="text/html; charset=utf-8" />

Why add a <meta> tag here?

> +</p>

This </p> seems to have no opening <p>.

> +<p>In some cases, even if you accept this by enterinp 'p' option, the
> +next time you access SVN, the same exception appears again. There can

Again, I'd prefer "error" instead of "exception".

> +be multiple reasons.
 
I'd suggest saying "... reasons for this".

> The problem may be, that the subversion

The above comma is not necessary.

> +configuration directory, which is normally under your ~/.subversion has

Again, superfluous comma. Maybe say "your ~/.subversion directory"?

> +wrong permissions, so that each time you want to permanently add the
> +credentials, svn actually cannot do so, and also doesn???t inform you
> +that it can???t.<br />

Hmmm... I suppose we should consider making 'svn' issue a warning
if this happens. That is an unrelated problem to your path submission
though :)

> +</p>
> +<p>This can be solved by cleaning the directory
> +???~/.subversion/auth/svn.ssl.server??? and this gets created automatically
> +the next time you access.</p>
> +<pre style="margin-left: 40px;">rm ~/.subversion/auth/svn.ssl.server/*</pre>

I'm not sure if this is good advice.

So in your case, the files inside the directory had wrong permissions?
Do you know why this happened? If just one file is affected, I think it
would be nicer to fix permissions on the offending file using chmod.

If you had a directory with wrong permissions, it might likewise be a
better idea to fix the permissions instead of purging the auth cache.

> +</div>
> +</div>

You added just one <div> tag but close two. That doesn't seem right.

> +
> +
> <div class="h3" id="where-are-the-files">
>
> <h3>After importing files to my repository,
>
Received on 2012-05-31 21:40:12 CEST

This is an archived mail posted to the Subversion Dev mailing list.