I tried your patch against https://svn.eu.apache.org/repos/asf/subversion/README
(which uses a non-self-signed cert, but rather one for which the cert's
hostname differs from the URI's hostname), and it didn't seem to work:

[[[
 ./tools/examples/get-location-segments.py 
https://svn.eu.apache.org/repos/asf/subversion/README
Untrusted cert details are as follows:
--------------------------------------
Issuer     : 07969287, http://certificates.godaddy.com/repository, GoDaddy.com, 
Inc., Scottsdale, Arizona, US
Hostname   : svn.apache.org
ValidFrom  : Thu, 13 Nov 2008 18:56:12 GMT
ValidUpto  : Thu, 26 Jan 2012 14:18:55 GMT
Fingerprint: cc:54:a4:a9:ec:3a:9b:1c:23:ac:2d:57:c6:96:9f:5f:4a:1d:2d:86

accept (t)temporarily   (p)permanently: t
Traceback (most recent call last):
  File "./tools/examples/get-location-segments.py", line 147, in <module>
    main()
  File "./tools/examples/get-location-segments.py", line 142, in main
    ra_session = ra.open(url, ra_callbacks, None, ctx.config)
  File "/usr/lib/pymodules/python2.6/libsvn/ra.py", line 534, in svn_ra_open
    return _ra.svn_ra_open(*args)
svn.core.SubversionException: ("OPTIONS of 
'https://svn.eu.apache.org/repos/asf/subversion/README': Server certificate 
verification failed: certificate issued for a different hostname 
(https://svn.eu.apache.org)", 175002)
zsh: exit 1     ./tools/examples/get-location-segments.py 
]]]

What am I missing?


Prabhu Gnana Sundar wrote on Thu, Aug 18, 2011 at 17:15:09 +0530:
> Hi all,
> 
> Till now the get-location-segments.py script does not work against
> self-signed ssl servers. Now I have worked on
> the script and made it work even against the untrusted self-signed
> ssl servers.
> 
> Attaching the patch and the log message with this mail. Please share
> your thoughts.
> 
> 
> 
> Thanks and regards
> Prabhu

> get-location-segments.py script would now work for self-signed ssl servers too
> 
> * tools/examples/get-location-segments.py
>   (main): added a couple of auth providers to enable authenticating
>           against self-signed ssl servers too (in interactive mode).
>   (prompt_func_ssl_unknown_cert): new callback function
>   (prompt_func_simple_prompt): new callback function
> 
> Patch by: Prabhu Gnana Sundar <prabhugs{_AT_}collab.net>

> Index: tools/examples/get-location-segments.py
> ===================================================================
> --- tools/examples/get-location-segments.py   (revision 1153033)
> +++ tools/examples/get-location-segments.py   (working copy)
> @@ -21,6 +21,7 @@
>  #
>  import sys
>  import os
> +import getpass
>  from svn import client, ra, core
>  
>  def printer(segment, pool):
> @@ -71,6 +72,39 @@
>    return url, peg_revision, start_revision, end_revision
>  
>  
> +def prompt_func_ssl_unknown_cert(realm, failures, cert_info, may_save, pool):
> +  print "Untrusted cert details are as follows:"
> +  print "--------------------------------------"
> +  print "Issuer     : " + str(cert_info.issuer_dname)
> +  print "Hostname   : " + str(cert_info.hostname)
> +  print "ValidFrom  : " + str(cert_info.valid_from)
> +  print "ValidUpto  : " + str(cert_info.valid_until)
> +  print "Fingerprint: " + str(cert_info.fingerprint)
> +  print ""
> +  ssl_trust = core.svn_auth_cred_ssl_server_trust_t()
> +  if may_save:
> +    choice = raw_input( "accept (t)temporarily   (p)permanently: ")
> +  else:
> +    choice = raw_input( "(r)Reject or accept (t)temporarily: ")
> +  if choice == "t" or choice == "T":
> +    ssl_trust.may_save = False
> +    ssl_trust.accepted_failures = failures
> +  if choice == "p" or choice == "P":
> +    ssl_trust.may_save = True
> +    ssl_trust.accepted_failures = failures
> +  else:
> +    ssl_trust = None
> +  return ssl_trust
> +
> +def prompt_func_simple_prompt(realm, username, may_save, pool):
> +  username = raw_input("username: ")
> +  password = getpass.getpass(prompt="password: ")
> +  simple_cred = core.svn_auth_cred_simple_t()
> +  simple_cred.username = username
> +  simple_cred.password = password
> +  simple_cred.may_save = False
> +  return simple_cred
> +
>  def main():
>    try:
>      url, peg_revision, start_revision, end_revision = 
> parse_args(sys.argv[1:])
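Review bot: In prompt_func_ssl_unknown_cert the test `if choice == "p" or choice == "P":` starts a new if statement rather than continuing the one for "t", so its `else: ssl_trust = None` branch also runs when the user answered "t" and a temporary acceptance is returned as a rejection. Make it `elif` so that accept-temporarily, accept-permanently and reject are mutually exclusive. This is consistent with the report at the top of the thread, where answering `t` still ended in "Server certificate verification failed". Smaller points in the same function: the may_save prompt offers no explicit reject choice, "p" is honoured even when may_save is false, and the callback prints the certificate fields but not which checks in `failures` are being waived, so a hostname mismatch is accepted the same way as an unknown issuer. In prompt_func_simple_prompt the `username` argument is overwritten without being offered as a default.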
> @@ -94,6 +128,8 @@
>    providers = [
>      client.get_simple_provider(),
>      client.get_username_provider(),
> +    core.svn_auth_get_simple_prompt_provider(prompt_func_simple_prompt, 2),
> +    
> core.svn_auth_get_ssl_server_trust_prompt_provider(prompt_func_ssl_unknown_cert),
>      client.get_ssl_server_trust_file_provider(),
>      client.get_ssl_client_cert_file_provider(),
>      client.get_ssl_client_cert_pw_file_provider(),
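Review bot: core.svn_auth_get_ssl_server_trust_prompt_provider(...) is inserted ahead of client.get_ssl_server_trust_file_provider(); if the list is consulted in order, the interactive prompt runs before the on-disk trust store is checked, so a certificate accepted with (p) would be prompted for again on the next run. Place the prompt providers after the file providers so that interaction is the last resort. The retry limit `2` passed to svn_auth_get_simple_prompt_provider would be clearer as a named constant or with a short comment.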
