[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is Permanently Accept SSL Certificate gone in 1.10.4 ?

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sat, 20 Jul 2019 10:55:36 -0400

On Fri, Jul 19, 2019 at 7:41 AM Pierre Fourès <pierre.foures_at_gmail.com> wrote:
>
> Hi all,
>
> I have a script accessing an old svn server whom SSL certificate have
> expired a long time ago. Up to now, I was permanently accepting the
> certificate on the first run of the script and then everything was
> sailling smooth. I reinstalled a couple of months ago a new box where
> this script was intented to run and the (p)ermanently option seems not
> provided anymore.

Negotiating certificate trust can be fun. Can you sidestep the whole
issue by switching to svn+sh? Or get new, signed certificates?

> Thankfully, I still have the "old" running box to double-check, and
> the (p)ermanently option is still present. Both boxes are Debian
> Buster (but was installed as unstable, before the official release).
> The (p)ermanently option was also present in svn on previous versions
> of Debian.
>
> I can notice that the versions of svn changed between my old and new
> box from 1.10.2 to 1.10.4. Nonetheless, I gave a look at the
> change-log [1] and it doesn't seem specified this option has been
> removed. I also gave a look on openssl version and it went upgraded
> from 1.1.0h to 1.1.1b, but I have no clue to evaluate if the removal
> of the (p)ermanently option is linked or not the openssl upgrade.
>
> If some of you have an hint and an half to explain how and why this
> option disapeared, that would be really nice. I wonder if it was meant
> or not, to see where I'm headed.
>
> More over, I would really appreciate if someone could share a solution
> to still permanently accept the certificate on the new box, as for
> now, I can't use this box and the old one should soon be
> decommissioned.

Stefan has correctly pointed out ways to get your client, at run-time,
to accept failed certificates. But what is stopping you from replacing
the certificate?

> Best Regards,
> Pierre
>
> [1] https://svn.apache.org/repos/asf/subversion/tags/1.10.4/CHANGES
Received on 2019-07-20 16:55:52 CEST

This is an archived mail posted to the Subversion Users mailing list.