
SSL Error

From: Nick <nospam_at_codesniffer.com>
Date: Thu, 16 Dec 2010 09:34:05 -0500

Hi all,

At some point in the last year I stopped being able to access my SVN
repository remotely via https using the SVN CLI and TortoiseSVN on
Windows. Unfortunately, since I hadn't used svn on my Windows machine
for a long time (many months), I cannot give a more accurate timeframe.

The error I get when I try to checkout via the svn.exe CLI is (I masked
my domain & path):

c:\ svn.exe checkout https://<mydomain>.com/<path>
svn: OPTIONS of 'https://<mydomain>.com/<path>':
SSL negotiation failed: SSL error code -1/1/336032856
(https://<mydomain>.com)

My svn server is running via Apache. Client and server are both version
1.6.13. The web server is using OpenSSL 1.0.0c.

I am able to check out and access my repository fine from another Linux
client via the same domain name. And on Windows, I can browse the
repository with Firefox. But in both of these cases, the Linux svn CLI
and Firefox both prompt that the SSL certificate is risky/invalid for a
couple of reasons: it's self-signed and reflects a different host than the
domain I'm actually connecting to. This is because the SSL certificate
reflects my server's internal hostname (for reasons I won't get into
here) rather than the public domain name. So for both the Linux client
and Firefox I had to explicitly accept this discrepancy.

The Linux svn CLI yields this:
# svn checkout https://<mydomain>.com/<path>
Error validating server certificate for 'https://<mydomain>.com:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
 - The certificate hostname does not match.
Certificate information:
 - Hostname: nimble
 - Valid: from Tue, 16 Mar 2010 02:14:36 GMT until Fri, 13 Mar 2020 02:14:36 GMT
 - Issuer: <me>
 - Fingerprint: 50:2b:50:a5:75:61:ae:f2:a0:d2:44:4f:12:6b:d3:6e:f8:c5:4b:12
(R)eject, accept (t)emporarily or accept (p)ermanently?

And if I accept this validation error, everything works properly.

So I wonder if the error I'm getting from the Windows svn.exe is related
to my risky/invalid certificate. So one question I have is: how do I
instruct svn to accept the certificate even though it's not completely
valid?

Any other suggestions?

TIA,
Nick
Received on 2010-12-16 15:34:49 CET
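
The numeric code in the Windows error above can be decoded, shown here as an added example that is not part of the original post. It assumes the third field of "SSL error code -1/1/336032856" is a packed OpenSSL error value using the OpenSSL 1.0.x layout (8-bit library, 12-bit function, 12-bit reason); the function names and the small lookup tables are illustrative.

```python
import re

# Constructed from the error line quoted in the post above.
SAMPLE = "SSL negotiation failed: SSL error code -1/1/336032856"

SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + TLS alert number
ERR_LIBS = {20: "SSL routines"}  # ERR_LIB_SSL
# Small subset of TLS alert descriptions (RFC 5246 / RFC 6066).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              48: "unknown_ca", 70: "protocol_version",
              112: "unrecognized_name"}

def extract_code(line):
    """Return the last field of 'SSL error code a/b/c' as an int."""
    m = re.search(r"SSL error code (-?\d+)/(-?\d+)/(\d+)", line)
    if m is None:
        raise ValueError("no 'SSL error code' triple in line")
    return int(m.group(3))

def unpack(code):
    """Split a packed error into (library, function, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def describe(line):
    """Decode the packed error found in a client error line."""
    code = extract_code(line)
    lib, func, reason = unpack(code)
    info = {"hex": f"error:{code:08X}",
            "lib": ERR_LIBS.get(lib, f"lib({lib})"),
            "func": func, "reason": reason, "alert": None}
    # SSL-library reasons above the offset mean the peer sent a TLS alert.
    if lib == 20 and reason > SSL_AD_REASON_OFFSET:
        n = reason - SSL_AD_REASON_OFFSET
        info["alert"] = TLS_ALERTS.get(n, f"alert({n})")
    return info

if __name__ == "__main__":
    print(describe(SAMPLE))
```

The decoded alert, unrecognized_name, is the one RFC 6066 defines for a server that does not recognize the host name the client sent in its server_name (SNI) extension. That is a different failure from the certificate-trust prompt shown by the Linux client, so it is worth checking the server's configured host name as well as the certificate.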

This is an archived mail posted to the Subversion Users mailing list.