Hi!
I have a repo to which I connect via https. The problem is that it uses a self-signed certificate and I to tell svn each time to trust the certificate (even so that I tell it to accept it permanently). When I want to use now the svn-bundle nothing works because there is no window where I can do any input of any kind for accepting the certificate. Any ideas what I can do about that? (It seems though the reason lies in my svn-installation because the certificate doesn't get cached; would be better if anyone would have an idea how to fix that).
Niels
On 09/04/2008, at 3:24 PM, Niels Kobschaetzki wrote:
I have a repo to which I connect via https. The problem is that it uses a self-signed certificate and I to tell svn each time to trust the certificate (even so that I tell it to accept it permanently). When I want to use now the svn-bundle nothing works because there is no window where I can do any input of any kind for accepting the certificate. Any ideas what I can do about that? (It seems though the reason lies in my svn-installation because the certificate doesn't get cached; would be better if anyone would have an idea how to fix that).
Hi Niels,
I have some stuff in the works that will fix this problem. We should be able to update the svn bundle in the next few days, after which whenever svn prompts you TM will be so kind as to bring up a dialog for you to enter whatever you need.
Stay tuned.
LD.
On Wed, Apr 9, 2008 at 7:39 AM, Luke Daley ld@ldaley.com wrote:
On 09/04/2008, at 3:24 PM, Niels Kobschaetzki wrote:
I have a repo to which I connect via https. The problem is that it uses a self-signed certificate and I to tell svn each time to trust the certificate (even so that I tell it to accept it permanently). When I want to use now the svn-bundle nothing works because there is no window where I can do any input of any kind for accepting the certificate. Any ideas what I can do about that? (It seems though the reason lies in my svn-installation because the certificate doesn't get cached; would be better if anyone would have an idea how to fix that).
Hi Niels,
I have some stuff in the works that will fix this problem. We should be able to update the svn bundle in the next few days, after which whenever svn prompts you TM will be so kind as to bring up a dialog for you to enter whatever you need.
Stay tuned.
That sounds good :)
Niels
On 2008-Apr-9, at 1:24 AM, Niels Kobschaetzki wrote:
I have a repo to which I connect via https. The problem is that it uses a self-signed certificate and I to tell svn each time to trust the certificate (even so that I tell it to accept it permanently).
I had this problem with the svn server at work because it uses a cert signed by an internal Certificate Authority. Subversion is asking openssl if a cert is OK or not, so if you can convince openssl that it's OK, the rest of the system will like it. (And by "the rest of the system", I mean the unix stuff. Most GUI apps will use the keychain… unless it's a GUI app like TextMate or svnX that's calling unix commands in the background… but you get the idea.)
I was able to get it "trusted" (and eliminate the prompt) by copying our CA's cert (blah.pem) to /System/Library/OpenSSL/certs/ and running `sudo c_rehash`. I haven't tried this with just a self-signed cert, but the solution is probably similar.
And no, you're never ever supposed to touch anything in /System, but that's the only location I've found that openssl checks for certs. Apple places absolutely nothing in the certs directory when you install the OS, so I can only conclude that it is meant to be used by the local system admin. (Why else would it exist at all?) Perhaps someone will correct me.
--- Rob McBroom http://www.skurfer.com/
I have a repo to which I connect via https. The problem is that it uses a self-signed certificate and I to tell svn each time to trust the certificate (even so that I tell it to accept it permanently).
I suggest you try to checkout the repo from SVN trough command line for the first time. SVN should catch-up that the certificate is untrusted and ask whether you want to accept it permanently. I believe from then on you can proceed with Subversion bundle and your certificate without any problem, as AFAIK this bundle calls "svn" command internally anyway.
I've also self-signed certificate and I used command line to accept the certificate once permanently and now everything works smooth.
Cheers,
On Wed, Apr 9, 2008 at 5:30 PM, Adam Strzelecki ono@java.pl wrote:
I have a repo to which I connect via https. The problem is that it uses a self-signed certificate and I to tell svn each time to trust the certificate (even so that I tell it to accept it permanently).
I suggest you try to checkout the repo from SVN trough command line for the first time. SVN should catch-up that the certificate is untrusted and ask whether you want to accept it permanently. I believe from then on you can proceed with Subversion bundle and your certificate without any problem, as AFAIK this bundle calls "svn" command internally anyway.
I did that and it wasn't cached :(
Niels
-
Adam Strzelecki -
Luke Daley -
Niels Kobschaetzki -
Rob McBroom