[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: running test-suite over https

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Tue, 14 Aug 2012 00:13:55 +0200

On Mon, Aug 13, 2012 at 3:27 PM, Philip Martin
<philip.martin_at_wandisco.com> wrote:
> Philip Martin <philip.martin_at_wandisco.com> writes:
>
>> Johan Corveleyn <jcorvel_at_gmail.com> writes:
>>
>>> <philip.martin_at_wandisco.com> wrote:
>>>> Me. subversion/tests/cmdline/davautocheck.sh does the relevant magic to
>>>> setup Apache if one uses:
>>>>
>>>> make davautocheck USE_SSL=1
>>>
>>> Nice. I made a change (locally) to win-tests.py to also pass this
>>> option, but it doesn't seem to work properly. I created a CA
>>> certificate and signed a server cert with that. When I pass
>>> --ssl-cert=server.crt, it fails with:
>>>
>>> [[[
>>> Error validating server certificate for 'https://localhost:443':
>>> - The certificate is not issued by a trusted authority. Use the
>>> fingerprint to validate the certificate manually!
>>> Certificate information:
>>> - Hostname: localhost
>>> - Valid: from Aug 13 00:26:09 2012 GMT until Aug 7 00:26:09 2032 GMT
>>> - Issuer: (null), Test, (null), Test, BE ((null))
>>> - Fingerprint: C2:50:D1:2C:03:32:26:8B:04:97:16:4A:F0:BB:E5:27:1A:A8:46:40
>>> (R)eject or accept (t)emporarily?
>>> ]]]
>>
>> I get the same on Linux. I believe it worked when I wrote it.
>
> My mistake. In my case the certificate embedded in davautocheck.sh has
> expired:
>
> W: Error validating server certificate for 'https://localhost:13864':
> W: - The certificate is not issued by a trusted authority. Use the
> W: fingerprint to validate the certificate manually!
> W: - The certificate has expired.
>
> If I update the script to use an in-date certificate the tests PASS over
> SSL.

Gah! This is driving me insane. I tried re-generating the cert, and
even copy-pasted your certs out of davautocheck.sh, but still getting
the same error:

[[[
Error validating server certificate for 'https://localhost:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: localhost
 - Valid: from Aug 13 14:09:04 2012 GMT until Dec 30 14:09:04 2039 GMT
 - Issuer: (null), Internet Widgits Pty Ltd, (null), Some-State, AU ((null))
 - Fingerprint: 2D:3A:FA:4C:C1:65:18:C9:D7:7D:DB:11:06:A9:9A:E6:E1:56:77:D3
(R)eject or accept (t)emporarily? r
]]]

Even when I try with a 1.7.4 (SlikSVN) client, same thing ...
[[[
R:\test\subversion\tests\cmdline>svn.exe import -m "Log message for
revision 1." svn-test-work\local_tmp\greekfiles
https://localhost:443/svn-test-work/local_tmp/repos --config-dir
R:\test\subversion\tests\cmdline\svn-test-work\local_tmp\config
--password rayjandom --no-auth-cache --username jrandom
Error validating server certificate for 'https://localhost:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: localhost
 - Valid: from Aug 13 14:09:04 2012 GMT until Dec 30 14:09:04 2039 GMT
 - Issuer: (null), Internet Widgits Pty Ltd, (null), Some-State, AU ((null))
 - Fingerprint: 2D:3A:FA:4C:C1:65:18:C9:D7:7D:DB:11:06:A9:9A:E6:E1:56:77:D3
(R)eject or accept (t)emporarily? r
]]]

I tried all I can think of for configuring Apache. Pfffff.

Maybe I should ditch my self-built Apache, and try the ready-built
Windows binary.

-- 
Johan
Received on 2012-08-14 00:14:47 CEST

This is an archived mail posted to the Subversion Dev mailing list.