On Tue, Jul 26, 2011 at 2:32 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> Daniel Shahaf wrote on Tue, Jul 26, 2011 at 22:19:13 +0300:
>> Dan Yost wrote on Tue, Jul 26, 2011 at 12:57:29 -0500:
>> > Or to state the below (pardon the top-post) much more simply: the
>> > --trust-server-cert flag does not work. It fails to perform its
>> > singular function, which is...to force trust of the server cert,
>> > right?
>> >
>>
>> Its function is to accept certificates signed by unknown CA's without
>> prompting. In your case you have two failures, one of them being the
>> mismatching subject name (hostname), so you do get prompted.
>
> See ssl_trust_unknown_server_cert() in subversion/libsvn_subr/cmdline.c.
>
> There were discussions about extending this to, for example,
> --trust-server-cert2=comma,separated,list,of,failures,to,ignore ,
> and I think someone may have started working on a patch, but they never
> submitted it to us.
>
A possibility, indeed. What's still very odd is that there's actually
no error--nothing to ignore. That is, 95% of the time, then randomly
(5%) it shanks, and nobody touched anything (on either server side or
client side). That's what is making me crazy.
Dan
Received on 2011-07-26 21:37:40 CEST