Den mån 25 mars 2024 kl 15:19 skrev Jeffrey Walton <noloa...@gmail.com>:
> On Mon, Mar 25, 2024 at 9:54 AM Stanley Gilliam via users > <users@subversion.apache.org> wrote: > > > > I am a system admin for GlaxoSmithKline. We are currently having issues > getting our svn instance to authenticate. This all happened after the cert > was updated. We are currently getting the message : > > > > svn: E175002: OPTIONS of 'https://hpc.gsk.com/xxx/xxx/etc': Server > certificate verification failed: issuer is not trusted ( > https://hpc.gsk.com) > > > > The cert was updated correctly we believe because the website works. > > > > is there anybody that may be able to help? > > DNS seems to be a problem: > > $ openssl s_client -connect hpc.gsk.com:443 -servername hpc.gsk.com > 40D7F6E4F1710000:error:10080002:BIO routines:BIO_lookup_ex:system > lib:../crypto/bio/bio_addr.c:738:Name or service not known > connect:errno=22 > > And: > > $ nslookup hpc.gsk.com > Server: 127.0.0.53 > Address: 127.0.0.53#53 > > ** server can't find hpc.gsk.com: NXDOMAIN > > You should add a DNS entry for the host 'hpc'. Then, rerun the experiment. > It might be that the hpc.gsk.com domain is only available on an internal network (ie, on an internal DNS server). If there was a missing DNS entry you should get an error message similar to this: $ svn ls https://hpc.gsk.com svn: E170013: Unable to connect to a repository at URL 'https://hpc.gsk.com' svn: E670002: Name or service not known $ (The missing DNS entry makes it more difficult for someone outside of the company to help in debugging of course!). "issuer is not trusted" sounds to me like it is a self-signed certificate or that the certificate is signed by a root that isn't trusted by the client. Can you verify that the client really trust the issuer of the certificate? Another potential explanation (although not supported by the available evidence) is that there is a mismatch between the cipher of the new certificate compared to what OpenSSL on the client is supporting. Which platform are you on and what are the versions of Subversion and the linked OpenSSL library? Kind regards, Daniel
