All geek questions in one place

Error "Violation of the use of the key in the certificate" using Subversion, VisualSVN Server

I am using Eclipse (Indigo) with subclipse 3.6 on Ubuntu 11.10.

I connected to svn with a subtitle on other machines before there was no problem, but it will not work with my recently updated ubuntu machine (from 11.04 to 11.10).

when I try to connect to my private svn server (VisualSVN Server on Windows), I get the following error:

RA layer request failed svn: OPTIONS of 'https://76.27.122.123/svn/brock': SSL handshake failed: SSL error: Key usage violation in certificate has been detected. (https://76.27.122.123) Key usage violation in certificate

So apply it on google and found this solution: http://andrewbrobinson.com/2011/11/01/fixing-ssl-handshake-failed-ssl-error-key-usage-violation-in-certificate-has-been -detected-error-on-svn-checkout /

This basically suggests that since neon now uses GnuTls, it is strict and rejects my invalid certificate (for example, I said it was a private svn, so it is not trusted). But when I do the mv commands and symlinks, then this will ruin my JavaHL installation and give me this error:

 Failed to load JavaHL Library. These are the errors that were encountered: no libsvnjavahl-1 in java.library.path ...

I disabled the mv command and now JavaHL works after the following instructions that I found here http://subclipse.tigris.org/wiki/JavaHL#head-5ccce53a67ca6c3965de863ae91e2642eab537de but the key usage certificate error still fails. Any ideas?

+4
source share
2 answers

During the initial setup, VisualSVN Server 2.5 creates a self-signed certificate and adds it to the store of trusted root certificate authorities on the local computer. To avoid potential security issues, VisualSVN Server makes this self-signed certificate valid only for server authentication (by specifying the Key Usage extension).

Subversion clients created against GnuTLS do not recognize such a certificate and errors occur.

Possible workarounds:

  • Sign a certificate using a trusted certificate authority (recommended)
  • Use the VisualSVN Server workaround to create the certificate without specifying the Key Usage extension. See KB56 for detailed instructions.
  • Configure eclipse to use Neon with OpenSSL instead of GnuTLS
+4
source

Alternatively you can add

 alias svn='LD_PRELOAD=/usr/lib/libneon.so.27 svn'

to your .bashrc , so only a change to the svn will be triggered by a change to libneon, not the other packages. Also be careful that the solution mentioned in your link will be broken on Ubuntu 12.04 LTS. To do this, you need to follow these steps:

  • Remove the current libneon package:

     sudo apt-get remove libneon27

  • Download the latest libneon package from http://packages.debian.org/squeeze/libneon27 (below you can choose the right version for your architecture).

  • Install the required libssl dependency:

     sudo apt-get install libssl0.9.8

  • Install the downloaded libneon package. For instance. for 64Bit architecture:

     dpkg -i libneon27_0.29.3-3_amd64.deb

  • Add

     alias svn='LD_PRELOAD=/usr/lib/libneon.so.27 svn'

    to your .bashrc , and relogin.

Source: http://www.yeap.de/blog2.0/archives/260-Subversion-Certificate-Problems-with-Ubuntu-Precise-Pangolin.html

+1
source

Source: https://habr.com/ru/post/1395364/

More articles:


All Articles