
Re: Can't not confirm untrusted certificate

From: Sergiy Tkachuk <sergtk.job_at_gmail.com>
Date: Tue, 27 Aug 2013 12:27:11 +0300

On 26.08.2013 11:55, Ivan Zhakov wrote:
> On Mon, Aug 26, 2013 at 1:41 AM, Stefan Sperling <stsp_at_elego.de> wrote:
>> On Mon, Aug 26, 2013 at 12:30:02AM +0300, Sergiy Tkachuk wrote:
>>> Hello,
>>>
>>> I am using TortoiseSVN 1.8.1, Build 24570 - 32 Bit , 2013/07/22
>>> 18:28:29, Subversion 1.8.1, -release, apr 1.4.8, apr-util 1.5.2,
>>> serf 1.3.0, OpenSSL 1.0.1e 11 Feb 2013, zlib 1.2.8
>>>
>>> I created a batch file and want to call it from Jenkins CI.
>>>
>>> The command line follows:
>>> svn update --trust-server-cert --non-interactive --username UserName
>>> --password Password FolderName
>>>
>>> If I run it from cmd.exe it is ok.
>>>
>>> But if I run it from Jenkins, it fails with error:
>>>
>>> svn: E230001: Unable to connect to a repository at URL 'https://server/path <https://www.aim-inc-usa.net:8086/svn/dev/ExactWire/trunk/samples/SandboxCi>'
>>> svn: E230001: Server SSL certificate untrusted
>>>
>>> I found a similar question at SO http://stackoverflow.com/questions/17177405/svn-server-ssl-certificate-untrusted-from-post-commit-hook
>>> , but there is no answer for it.
>>>
>>> How can I fix the issue?
>>>
>>> Thanks in advance,
>>>
>>> --
>>> Best wishes,
>>> Sergiy Tkachuk
>>>
>> The --trust-server-cert option only overrides errors where the hostname
>> does not match the CN given in the certificate. It does not override
>> other error cases, such as expired certificates. Unfortunately,
>> there is currently no way to ignore other error conditions.
>>
> There is a bug in Subversion 1.8.0-1.8.1: the hostname check is
> case-sensitive, while it should be case-insensitive. Subversion
> canonicalizes the request hostname to lowercase, so you get a CN mismatch if
> you have uppercase letters in your server certificate. This problem
> should be fixed in upcoming Subversion 1.8.3:
> * ra_serf: ignore case when checking certificate common names (r1514763)
>
> Is it your case?
>

Hello,

I have managed to fix the issue.

The issue was caused by a CN mismatch with the server name.
In the end the certificate was re-issued with the correct CN; nothing else helped.

I described more details at http://stackoverflow.com/a/18461594/13441

Thanks,
Sergiy
Received on 2013-08-27 11:28:03 CEST
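
The case-sensitivity problem described in the quoted reply above, shown as an added example that is not part of the original thread and is not Subversion's own code: a request hostname is lowercased, then compared to the certificate CN either case-sensitively (the behaviour reported for 1.8.0-1.8.1) or ignoring case. All function names and hostnames are hypothetical, and the single-label wildcard handling goes beyond what the thread discusses.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Lowercase a hostname in place, as a client canonicalizing a URL would. */
static void canonicalize_host(char *host) {
    for (; *host; host++) *host = (char)tolower((unsigned char)*host);
}

/* Compare two names ignoring ASCII case; returns 1 on match. */
static int names_equal_nocase(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b; /* both strings must end at the same position */
}

/* Case-sensitive check: fails when the CN contains uppercase letters. */
int cn_matches_case_sensitive(const char *cn, const char *host) {
    return strcmp(cn, host) == 0;
}

/* Case-insensitive check; a leading "*." in the CN matches exactly one label. */
int cn_matches_case_insensitive(const char *cn, const char *host) {
    if (cn[0] == '*' && cn[1] == '.') {
        const char *dot = strchr(host, '.');
        /* require a non-empty leftmost label, then compare the remainder */
        return dot && dot != host && names_equal_nocase(cn + 1, dot);
    }
    return names_equal_nocase(cn, host);
}

/* Hypothetical helper: canonicalize the request host, then run one check. */
int check_request(const char *request_host, const char *cn, int ignore_case) {
    char host[256];
    if (strlen(request_host) >= sizeof host) return 0; /* reject overlong names */
    strcpy(host, request_host);
    canonicalize_host(host);
    return ignore_case ? cn_matches_case_insensitive(cn, host)
                       : cn_matches_case_sensitive(cn, host);
}

int main(void) {
    /* Constructed sample names, not taken from the thread. */
    printf("sensitive:   %d\n", check_request("SVN.Example.com", "SVN.Example.com", 0));
    printf("insensitive: %d\n", check_request("SVN.Example.com", "SVN.Example.com", 1));
    return 0;
}
```
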

This is an archived mail posted to the Subversion Users mailing list.
