Consider the following scenario. An old SVN server accessible via HTTPS that has been moved to another domain (without a new certificate) and whose certificate has expired. I stick to this situation as I do not affect the remote end.
I adhere equally to this version of the Subversion client that ships with Scientific Linux 6.3:
$ svn --version
svn, version 1.6.11 (r934486)
compiled Feb 10 2015, 17:07:04
I know about --non-interactive --trust-server-cert, but this does not help, although the documentation assumes that they should be available and work in versions of Subversion 1.6. The error he gives me is:
svn: OPTIONS of 'https://svn.company.tld/svn/project/trunk': Server certificate verification failed: certificate has expired, certificate issued for a different hostname, bad certificate chain (https:
When I run it online, I am only asked to accept the certificate temporarily or reject it . Thus, all the nice recipes that offer to run interactively once, and then run non-interactively, I feel bad. In fact, this is how I always did it on new Subversion clients with Ubuntu. I see this (edited):
Error validating server certificate for 'https://svn.company.tld:443':
- The certificate hostname does not match.
- The certificate has expired.
- The certificate has an unknown error.
Certificate information:
- Hostname: *.oldcompanyname.tld
- Valid: from Tue, 02 Jun 2009 00:00:00 GMT until Wed, 06 Jul 2011 23:59:59 GMT
- Issuer: www.digicert.com, DigiCert Inc, US
- Fingerprint: fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd:fd
(R)eject or accept (t)emporarily?
Accepting temporarily allows me to cache the credentials and that’s all, but it again suggests trusting the certificate temporarily or rejecting it for each revision that it pulls from the remote server.
So this is not an option for me, since I need it to be automated, at least.
I also adjusted ~/.subversion/serversto contain:
[global]
ssl-authority-files = /home/username/.subversion/cacert-svn.pem
PEM ( ) openssl:
openssl s_client -showcerts -connect svn.company.tld:443 < /dev/null > cacert-svn.pem
( , PEM Subversion, , Apache ). .
~/.subversion svn, version 1.8.8 (r1568071) Scientific Linux. .
Subversion , , ?
, , , Subversion, :