Ongoing issue with OSX command line SVN
From: Zachary Burnham <zburnham_at_efi.org>
Date: Fri, 9 Mar 2012 08:15:42 -0500
Below you'll find an email exchange between myself and Greg Stein in which we try to diagnose what exactly is going on with svn on my Mac. I hope it's self-explanatory.
Z
On Mar 8, 2012 4:35 PM, "Zachary Burnham" <zburnham_at_efi.org<mailto:zburnham_at_efi.org>> wrote:
Z
On Mar 8, 2012, at 4:26 PM, Greg Stein wrote:
The GeoTrust Global CA is the one that you want.
That CA is used to sign the Geotrust SSL CA certificate, which is then
So yeah... go into Keychain and export that "GeoTrust Global CA". I
On Thu, Mar 8, 2012 at 15:59, Zachary Burnham <zburnham_at_efi.org<mailto:zburnham_at_efi.org>> wrote:
Z
On Mar 8, 2012, at 3:52 PM, Greg Stein wrote:
The names shouldn't matter. I'm not sure what the problem with spaces
I'm not sure what to say here. I've got my Thawte and Equifax CAs
If the web browser is trusting it, then the CA must be in KeyChain
Cheers,
On Thu, Mar 8, 2012 at 15:44, Zachary Burnham <zburnham_at_efi.org<mailto:zburnham_at_efi.org>> wrote:
No good, I still get the same error. I've tried both GeoTrust CA
certificates that I see in my Keychain Access pane. Does it matter what the
.pem files are named? Subversion had trouble with files that had spaces in
the name.
Z
On Mar 8, 2012, at 3:36 PM, Greg Stein wrote:
That *is* for the client side. .subversion/servers is where the
configuration is located for contacting servers. In this case, you're
telling svn that particular CA can be trusted.
On Thu, Mar 8, 2012 at 15:33, Zachary Burnham <zburnham_at_efi.org<mailto:zburnham_at_efi.org>> wrote:
I don't think this is a solution for the problem that I'm having. The
problem I'm having is strictly client-side; I don't host the repository on a
Mac.
Z
On Mar 8, 2012, at 3:26 PM, Greg Stein wrote:
On Thu, Mar 08, 2012 at 02:56:10PM -0500, Zachary Burnham wrote:
Hi. I'm having some trouble with command-line svn on OSX 10.7.3 . The
problem appears to be that subversion can't find the CA certificates that
are installed on my system (visible in Keychain Access.) I get the
following error:
$ svn log
Error validating server certificate for 'https://<repo>:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: *.<repo>
- Valid: from Sun, 12 Feb 2012 02:34:03 GMT until Mon, 15 Apr 2013 19:02:56
GMT
- Issuer: GeoTrust, Inc., US
- Fingerprint: <stuff>
As you can see, the dates are OK, and the CA is valid. Going to the same
url in Safari and Firefox gives a valid SSL connection.
Does anyone have any suggestions?
I had the same problem, and came up with the following solution:
1) go into KeyChain Access and find the root certificate that you need
2) select and ctrl-click for the submenu and choose: Export "foo" ...
3) switch the file format to "Privacy Enhance Mail (.pem)"
4) save the result into /Users/whatever/.subversion
5) edit /Users/whatever/.subversion/servers:
ssl-authority-files = /Users/whatever/.subversion/foo.pem
Note that if you need multiple CAs, then use the following format:
ss-authority-files =
/Users/whatever/.subversion/first.pem;/Users/whatever/.subversion/second.pem
It is important that there are no spaces around the ";" and that it
resides on a single line.
Hope that helps,
-g
Corporate: efi.org<http://efi.org/>
CONFIDENTIALITY NOTICE: This message and attachments, if any, is intended only for the designated recipient to which it is addressed. It may contain proprietary information that is confidential or subject to copyright. If you are not the designated addressee or have otherwise received this email in error you are notified that printing, copying or distributing this message is prohibited and may be unlawful, in which case we request that you notify the sender by reply e-mail and permanently delete this message. Thank you.
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.