[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Can't not confirm untrusted certificate

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Mon, 26 Aug 2013 12:55:03 +0400

On Mon, Aug 26, 2013 at 1:41 AM, Stefan Sperling <stsp_at_elego.de> wrote:
> On Mon, Aug 26, 2013 at 12:30:02AM +0300, Sergiy Tkachuk wrote:
>> Hello,
>>
>> I am using TortoiseSVN 1.8.1, Build 24570 - 32 Bit , 2013/07/22
>> 18:28:29, Subversion 1.8.1, -release, apr 1.4.8, apr-util 1.5.2,
>> serf 1.3.0, OpenSSL 1.0.1e 11 Feb 2013, zlib 1.2.8
>>
>> I created batch file and want to call it from Jenkins CI.
>>
>> The command line follows:
>> svn update --trust-server-cert --non-interactive --username UserName
>> --password Password FolderName
>>
>> If I run it from cmd.exe it is ok.
>>
>> But if I run it from Jankins, it fails with error:
>>
>> svn: E230001: Unable to connect to a repository at URL 'https://server/path <https://www.aim-inc-usa.net:8086/svn/dev/ExactWire/trunk/samples/SandboxCi>'
>> svn: E230001: Server SSL certificate untrusted
>>
>> I found similar question at SO http://stackoverflow.com/questions/17177405/svn-server-ssl-certificate-untrusted-from-post-commit-hook
>> , but there is no answer for it.
>>
>> How can I fix the issue?
>>
>> Thanks in advance,
>>
>> --
>> Best wishes,
>> Sergiy Tkachuk
>>
>
> The --trust-server-cert option only overrides errors where the hostname
> does not match the CN given in the certificate. It does not override
> other error cases, such as expired certificates. Unfortunately,
> there is currently no way to ignore other error conditions.
>
There is a bug in Subversion 1.8.0-1.8.1 that hostname check is
case-sensitive, while it should be case-insensitive. Subversion
canonicalize request hostname to lowercase so you get CN mistmatch if
you have uppercase letters in your server certificate. This problem
should be fixed in upcoming Subversion 1.8.3:
* ra_serf: ignore case when checking certificate common names (r1514763)

Is it your case?

-- 
Ivan Zhakov
CTO | VisualSVN | http://www.visualsvn.com
Received on 2013-08-26 10:56:01 CEST

This is an archived mail posted to the Subversion Users mailing list.