[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: running test-suite over https

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Mon, 13 Aug 2012 14:27:51 +0200

On Mon, Aug 13, 2012 at 9:28 AM, Philip Martin
<philip.martin_at_wandisco.com> wrote:
> Daniel Shahaf <d.s_at_daniel.shahaf.name> writes:
>
>> Johan Corveleyn wrote on Sat, Aug 11, 2012 at 22:11:22 +0200:
>>>
>>> Okay, I see there is an --ssl-cert option in svntest/main.py which
>>> does the necessary stuff. It's just not exposed through win-tests.py.
>>
>> Someone must have added it while I wasn't looking...
>
> Me. subversion/tests/cmdline/davautocheck.sh does the relevant magic to
> setup Apache if one uses:
>
> make davautocheck USE_SSL=1

Nice. I made a change (locally) to win-tests.py to also pass this
option, but it doesn't seem to work properly. I created a CA
certificate and signed a server cert with that. When I pass
--ssl-cert=server.crt, it fails with:

[[[
Error validating server certificate for 'https://localhost:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: localhost
 - Valid: from Aug 13 00:26:09 2012 GMT until Aug 7 00:26:09 2032 GMT
 - Issuer: (null), Test, (null), Test, BE ((null))
 - Fingerprint: C2:50:D1:2C:03:32:26:8B:04:97:16:4A:F0:BB:E5:27:1A:A8:46:40
(R)eject or accept (t)emporarily?
]]]

Even though the cert is correctly put into a file in
config\auth\svn.ssl.server. Is this normal? Is there something wrong
with the issuer? Or is the only way to accept my certificate to also
add "ssl-authority-files=/path/to/ca.crt" in the servers file from
within main.py?

See also dav-tests.log in attachment.

-- 
Johan

Received on 2012-08-13 14:38:43 CEST

This is an archived mail posted to the Subversion Dev mailing list.