[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Trouble with svnsync using SSL and self-signed certificates

From: Sander Marechal <s.marechal_at_jejik.com>
Date: 2007-10-25 23:35:38 CEST

Hello all,

I have a problem using svnsync to create a mirror of my subversion
repository. The remote server I want to mirror to runs Subversion on
Apache with SSL enabled. It uses a self-signed certificate. I want to
run the svnsync command in a port-commit on the local server. The local
server runs Subversion under user "svn" which has no home directory and
no login shell (A typical system user).

My problem: Every time I try to sync, the svnsync program throws a
warning about the certificate being untrusted and asks if I want to
reject, accept temporarily or accept permanently. It doesn't matter that
I tell it to accept the certificate permanently, it will still warn me
again next time and ask for user input. Ofcourse, the default action is
to deny, so telling svnsync to not ask interactive questions also does
not solve this.

I thought that it might be caused by "svn" being a system user, so I
created /home/svn and updated /etc/passwd to give the svn user a home
directory and login shell, but that did not help either.

How can I fix this? Can I accept certificates in another way? Changing a
config somewhere? Addin the certificate signature to a config file or
something? Alternatively, can I make svnsync automatically accept an
untrusted certificate, or force if to not check the certificate? Are
there perhaps even other ways of solving this?

The only solutions I found so far is running the remove server over http
or svn protocol (unacceptable) or getting a signed, trusted certificate
(expensive!)

Any help is greatly appreciated.

-- 
Sander Marechal
http://www.jejik.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Oct 25 23:36:05 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.