[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn update via HTTPS works 95% of the time, then randomly shanks, "issuer not trusted"

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 26 Jul 2011 22:32:11 +0300

Daniel Shahaf wrote on Tue, Jul 26, 2011 at 22:19:13 +0300:
> Dan Yost wrote on Tue, Jul 26, 2011 at 12:57:29 -0500:
> > Or to state the below (pardon the top-post) much more simply: the
> > --trust-server-cert flag does not work. It fails to perform its
> > singular function, which is...to force trust of the server cert,
> > right?
> >
>
> Its function is to accept certificates signed by unknown CA's without
> prompting. In your case you have two failures, one of them being the
> mismatching subject name (hostname), so you do get prompted.

See ssl_trust_unknown_server_cert() in subversion/libsvn_subr/cmdline.c.

There were discussions about extending this to, for example,
--trust-server-cert2=comma,separated,list,of,failures,to,ignore ,
and I think someone may have started working on a patch, but they never
submitted it to us.
Received on 2011-07-26 21:33:08 CEST

This is an archived mail posted to the Subversion Users mailing list.