zdl411437734 / svnx

Automatically exported from code.google.com/p/svnx

can't open svn repos via https if the certificate issuer is not trusted #38

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Try to open a repo via https. Make sure the https certificate is not produced by a trusted CA.

What is the expected output? What do you see instead?
I would expect the option to accept the certificate. Instead I see a pop-up
that tells me that the certificate is not trusted and I can't do anything
about it.

What version of the product are you using? On what operating system?
svnX 1.0
Leopard

Please provide any additional information below.
On the command line, if you add http-library=serf to ~/.subversion/servers,
you have the possibility to add the certificate and work normally. I tried
that too but svnX still does not give me the option to accept the certificate

Original issue reported on code.google.com by marco.fe...@gmail.com on 9 Jun 2009 at 11:08

GoogleCodeExporter commented 9 years ago
Is the 'Use old parsing method' preference on?  Or are you using an svn not installed in /opt/subversion?
This is expected behaviour if either is true.  (Search for 'https' in the help window.)
By 'pop-up' do you mean an error sheet?  What is the exact wording of the message?

When svnX doesn't call the Subversion libraries directly it is unable to accept new certificates as this requires user intervention which is not possible when svnX is using the svn tool.

If you have accepted a certificate manually by using the svn tool (via the command line) then that certificate should be available to svnX as long as you have not disabled certificate caching.

What version of Subversion are you using?
Has the svn tool asked you to accept the certificate more than once?

Original comment by chris...@gmail.com on 10 Jun 2009 at 12:31

GoogleCodeExporter commented 9 years ago
Is the 'Use old parsing method' preference on? -- yes
Or are you using an svn not installed in /opt/subversion? -- if you are talking about the client, yes, you're right, it is in /usr/bin (noticed because svnX was searching in /usr/local/bin). If about the server, no idea.
By 'pop-up' do you mean an error sheet? -- yes
What is the exact wording of the message -- exact words, don't remember. How do I remove the cert so that I can copy & paste the words?
What version of Subversion are you using? Again, client: 1.4.4; server, don't know.
Has the svn tool asked you to accept the certificate more than once? no, I added permanently (thus my question about the removal)

Original comment by marco.fe...@gmail.com on 10 Jun 2009 at 7:53

GoogleCodeExporter commented 9 years ago
Never mind... I removed the cert manually.
Here is the error:

svn: PROPFIND request failed on '/cbrepos/vts2/vts2_portweb/vts2_portweb_portlets/vts2_portweb_navi-in-porto_prl'
svn: PROPFIND of '/cbrepos/vts2/vts2_portweb/vts2_portweb_portlets/vts2_portweb_navi-in-porto_prl': Server certificate verification failed: issuer is not trusted (https://els00usv03.elsag.it)

Original comment by marco.fe...@gmail.com on 10 Jun 2009 at 8:00

GoogleCodeExporter commented 9 years ago
This is expected behaviour.  It is as stated in the documentation.
I think you mean you "would LIKE the option to accept the certificate".

If you require svnX (≥1.0 only) to prompt you to accept/reject un-trusted SSL certificates
'Use old parsing method' must be off & you must have Subversion installed in /opt/subversion.
(Use one of the recommended "official" installers.)
Then open a repository browser connected via HTTPS, that you haven't previously accepted,
and you'll get a big alert with all the details & various options.

I don't think this is a defect, so I'm closing it.

Note: The 'Use old parsing method' preference has been replaced with
    'Call Subversion libraries directly' in svnX 1.1 & its on/off state is reversed.

Original comment by chris...@gmail.com on 10 Jun 2009 at 2:37

GoogleCodeExporter commented 9 years ago
It may not be a defect but this is causing me some grief too.  Marco, how did you
remove the certificate? If I run the command "svn list https://path/to/server"
everything works, it never asks me to accept the certificate.  It looks to me that
removing the certificate would solve my problem.

Original comment by vdrndar...@gmail.com on 16 Aug 2009 at 10:39

GoogleCodeExporter commented 9 years ago
The solution is really simple.  I'm posting it here so that others may find it.

On the command line navigate to your repositories directory and then do an svn update:

   svn up

It will ask you if you want to accept the certificate, tell it to accept it
permanently by typing 'p' and hit enter.

svnX will be happy again.

Original comment by vdrndar...@gmail.com on 21 Aug 2009 at 6:39

GoogleCodeExporter commented 9 years ago
Wow, thanks vdrndar :) That very simple solution fixed the problem for me 
immediately :) I'm glad you commented even after this issue was filed as 
closed, or Google search would never have found this... 

Original comment by gwynethllewelyn on 27 May 2012 at 12:15

GoogleCodeExporter commented 9 years ago
This does not work for me using the svn that comes with Mac OS (10.9 
"Mavericks"). (It's in /usr/bin.) The solution suggested by vdrndar did not 
work for me. I had "Use old parsing method" deselected in the preferences. I 
also tried it with it selected; that did not work either.

Original comment by worldpea...@gmail.com on 21 Mar 2014 at 1:38

GoogleCodeExporter commented 9 years ago
I'm also having the same issue as in #8.  Not working in 10.9 Mavericks.  SVN 
is installed in /opt/subversion.  Went in through a terminal window to do a 
command line svn co https://path/to/repo and permanently accepted the 
certificate.  Went into svnX and tried to open the repo and I still get the 
certificate error.

Original comment by bhors...@gmail.com on 8 May 2014 at 5:16

GoogleCodeExporter commented 9 years ago
Hi! I just wanted to say that I've had vdrndar's solution work for me a couple 
of times after all, so it is worth a shot — just doesn't seem to work every 
time necessarily. :)

Original comment by worldpea...@gmail.com on 8 May 2014 at 7:26

GoogleCodeExporter commented 9 years ago
It would help me to help you if you stated exactly which versions of svnX & 
Subversion you are using.
[Choose svnX > About svnX for svnX and svnX > Preferences… for Subversion.]

Also, I believe that OSX 10.9.x does NOT include Subversion.
[So your Subversion probably came from a prior installation.]

Original comment by chris...@gmail.com on 10 May 2014 at 2:56

GoogleCodeExporter commented 9 years ago
I was going to say #6 did not work for me, either - after accepting the cert 
permanently I can use the CLI tools to access the repo, but not svnX. But 
actually, the CLI tools ask whether to accept the cert every time as well. So 
the issue seems to be with svn, not svnX.

I'm using OS X 10.9.3, svnX 1.3.4, svn 1.7.10.

Original comment by ulf.dittmer on 16 May 2014 at 10:43

GoogleCodeExporter commented 9 years ago
As a follow-up to #8, #9 and my previous post #12 where accepting the 
certificate permanently via the CLI does not work on Mavericks: make sure all 
files in ~/.subversion/auth/svn.ssl.server have 644 permissions. The one I 
could not accept permanently had 444 permissions; after changing that to 644 I 
was able to accept it permanently.

Original comment by ulf.dittmer on 25 Jun 2014 at 7:37
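
An added example, not part of the original thread or of svnX: a shell audit of the certificate cache discussed in the comments above. It lists each permanently accepted server certificate with its file mode, whether the owner can still write it (the 444 vs 644 case), its realm, and which verification failures were accepted. It assumes the cache files use Subversion's "K <len> / key / V <len> / value ... END" hash-dump layout; the function names are this example's own.

```shell
#!/bin/sh
# Audit Subversion's cache of permanently accepted server certificates.
# Assumed on-disk layout (svn hash dump): "K <len>", key, "V <len>", value, ..., "END".

CACHE_DIR="${1:-$HOME/.subversion/auth/svn.ssl.server}"

# Print the single-line value stored under key $2 in cache file $1.
svn_field() {
    awk -v key="$2" '
        want == 2 { print; exit }      # line after "V <len>" is the value
        want == 1 { want = 2; next }   # skip the "V <len>" line
        $0 == key { want = 1 }' "$1"
}

# Octal mode of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Decode the accepted-failures bitmask (SVN_AUTH_SSL_* values from svn_auth.h).
decode_failures() {
    f=${1:-0}; out=""
    [ $((f & 1)) -ne 0 ] && out="$out not-yet-valid"
    [ $((f & 2)) -ne 0 ] && out="$out expired"
    [ $((f & 4)) -ne 0 ] && out="$out hostname-mismatch"
    [ $((f & 8)) -ne 0 ] && out="$out untrusted-issuer"
    [ $((f & 1073741824)) -ne 0 ] && out="$out other"
    echo "${out# }"
}

# One line per cached certificate: mode, status, realm, accepted failures.
audit_cache() {
    for entry in "$1"/*; do
        [ -f "$entry" ] || continue
        mode=$(file_mode "$entry")
        # The owner write bit is set when the first octal digit is 2, 3, 6 or 7.
        case $mode in
            [2367]??) status=ok ;;
            *)        status=READONLY ;;
        esac
        echo "$mode $status $(svn_field "$entry" svn:realmstring) [$(decode_failures "$(svn_field "$entry" failures)")]"
    done
}

audit_cache "$CACHE_DIR"
```

An entry reported as READONLY matches the 444 case from the last comment. The bracketed list shows which checks were waived for that server, so `untrusted-issuer` entries are the ones accepted after an "issuer is not trusted" error.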