[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn update via HTTPS works 95% of the time, then randomly shanks, "issuer not trusted"

From: Dan Yost <yodano_at_gmail.com>
Date: Tue, 26 Jul 2011 14:37:06 -0500

On Tue, Jul 26, 2011 at 2:32 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> Daniel Shahaf wrote on Tue, Jul 26, 2011 at 22:19:13 +0300:
>> Dan Yost wrote on Tue, Jul 26, 2011 at 12:57:29 -0500:
>> > Or to state the below (pardon the top-post) much more simply: the
>> > --trust-server-cert flag does not work. It fails to perform its
>> > singular function, which is...to force trust of the server cert,
>> > right?
>> >
>>
>> Its function is to accept certificates signed by unknown CA's without
>> prompting.  In your case you have two failures, one of them being the
>> mismatching subject name (hostname), so you do get prompted.
>
> See ssl_trust_unknown_server_cert() in subversion/libsvn_subr/cmdline.c.
>
> There were discussions about extending this to, for example,
> --trust-server-cert2=comma,separated,list,of,failures,to,ignore ,
> and I think someone may have started working on a patch, but they never
> submitted it to us.
>

A possibility, indeed. What's still very odd is that there's actually
no error--nothing to ignore. That is, 95% of the time, then randomly
(5%) it shanks, and nobody touched anything (on either server side or
client side). That's what is making me crazy.

Dan
Received on 2011-07-26 21:37:40 CEST

This is an archived mail posted to the Subversion Users mailing list.