[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn not permanently accepting ssl cert

From: Stefan Sperling <stsp_at_elego.de>
Date: Fri, 27 Feb 2009 14:55:30 +0000

On Fri, Feb 27, 2009 at 02:21:35PM +0000, Craig Hopkins wrote:
> Hi,
>
> I was going to raise this as a bug, but thought I'd drop it here first
> in case it's something that's already been discussed.
>
> I recently came across the problem where svn up/co/revert/whatever
> would always ask me to manually/permanently accept the SSL cert for
> the server I was connecting to. Even if I selected permanently, it
> would always ask me again the next time. After a bit of frustration
> and digging, I eventually worked out that my .subversion folder had
> somehow changed itself to be owned by root:root and so the changes to
> the allowed keys weren't actually being written to my .subversion
> folder. Had svn actually told me that it couldn't do this, I would
> have worked it out a lot sooner :) Is it the kind of thing where an
> error can be introduced if it can't make changes to the
> .subversion/auth folder ?
>

I can reproduce this with trunk:

$ sudo mkdir -m 700 /tmp/conf
$ svn --config-dir /tmp/conf ls https://svn.collab.net/repos/svn
Error validating server certificate for 'https://svn.collab.net:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: svn.collab.net
 - Valid: from Mon, 24 Sep 2007 22:01:07 GMT until Fri, 23 Sep 2011 22:01:07 GMT
 - Issuer: svn, CollabNet, Brisbane, California, US
 - Fingerprint: aa:5b:74:b1:e2:7f:38:b3:2b:c2:b1:60:6e:01:bb:f5:7c:37:98:46
(R)eject, accept (t)emporarily or accept (p)ermanently? p
README
branches/
developer-resources/
mk.xiv/
svn-logos/
tags/
trunk/
$ svn --config-dir /tmp/conf ls https://svn.collab.net/repos/svn
Error validating server certificate for 'https://svn.collab.net:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: svn.collab.net
 - Valid: from Mon, 24 Sep 2007 22:01:07 GMT until Fri, 23 Sep 2011 22:01:07 GMT
 - Issuer: svn, CollabNet, Brisbane, California, US
 - Fingerprint: aa:5b:74:b1:e2:7f:38:b3:2b:c2:b1:60:6e:01:bb:f5:7c:37:98:46
(R)eject, accept (t)emporarily or accept (p)ermanently? p
README
branches/
developer-resources/
mk.xiv/
svn-logos/
tags/
trunk/

We should throw an error, or at least print a warning.

Please file a bug report and make sure it contains a link to this
thread in the archives (archives are at http://svn.haxx.se and
http://svn.tigris.org, take your pick).

Thanks!
Stefan
Received on 2009-02-27 15:56:54 CET

This is an archived mail posted to the Subversion Users mailing list.