[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Error validating server certificate

From: Mark Phippard <markphip_at_gmail.com>
Date: Mon, 2 May 2011 16:17:26 -0400

On Mon, May 2, 2011 at 4:03 PM, Ryan Schmidt
<subversion-2011a_at_ryandesign.com> wrote:
> $ svn info https://svn.macosforge.org/repository/macports
> Error validating server certificate for 'https://svn.macosforge.org:443':
>  - The certificate is not issued by a trusted authority. Use the
>   fingerprint to validate the certificate manually!
> Certificate information:
>  - Hostname: *.macosforge.org
>  - Valid: from Thu, 28 Apr 2011 22:45:15 GMT until Sat, 31 May 2014 10:51:08 GMT
>  - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by reference, Entrust, Inc., US
>  - Fingerprint: bf:77:a4:84:d4:3e:0c:55:28:3d:2a:37:bc:8a:47:39:76:73:b7:02
> (R)eject, accept (t)emporarily or accept (p)ermanently?
>
>
> I am running Subversion 1.6.17 as installed by MacPorts 1.9.2 on Mac OS X 10.6.7. What do I have to do to get Subversion to recognize that the certificate we are using for Mac OS Forge *is* issued by a trusted authority? I want a solution that does not involve every MacPorts contributor having to see this message and press "p"; I want a solution that does not involve anyone seeing this message at all.
>
> Do I have to somehow provide Subversion with a bundle of well-known trusted certificates? MacPorts includes the port curl-ca-bundle which installs a bundle of certs from Mozilla, and is used by the curl port to be able to access https sites. Can Subversion make use of that same bundle?

I use the binaries that Jeremy Whitlock provides and which you can
download at CollabNet. This is what I get:

$ svn info https://svn.macosforge.org/repository/macports
Path: macports
URL: https://svn.macosforge.org/repository/macports
Repository Root: https://svn.macosforge.org/repository/macports
Repository UUID: d073be05-634f-4543-b044-5fe20cf6d1d6
Revision: 78307
Node Kind: directory
Last Changed Author: gwright_at_macports.org
Last Changed Rev: 78307
Last Changed Date: 2011-05-02 15:33:44 -0400 (Mon, 02 May 2011)

His binaries use the OpenSSL that comes from Apple and that might be
the difference?

For MacPorts, I would think it would depend upon what is in:

/opt/local/etc/openssl 

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2011-05-02 22:17:52 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.