Re: Can't access SVN repos from command Line: Server SSL certificate untrusted
Edward Ned Harvey (svn4) wrote on Wed, Nov 27, 2013 at 01:47:11 +: What are the important details and/or original post that I'm missing? You could read the original post in the list archives... http://svn.haxx.se/users/archive-2013-11/
Re: Can't access SVN repos from command Line: Server SSL certificate untrusted
Hello, Regarding your question, When you upgraded the server, did you also upgrade mod_dav_svn only? Or did you also upgrade httpd and/or openssl at the same time? I've asked the other team and here is their response: When you upgraded the server, did you also upgrade mod_dav_svn only? No change has occurred on mod dav svn did you also upgrade httpd and/or openssl at the same time? After svn servers migration, we have installed openssl on the web frontal machines(web server relocate all 443 request to SVN servers via apache mod proxy module).This automatically upgraded some modules of apache (ex: mod ssl). Regards
Re: Can't access SVN repos from command Line: Server SSL certificate untrusted
On 26 Nov 2013 15:39, Mehdi Hayani hayani.mehdi...@gmail.com wrote: I've asked the other team and here is their response: When you upgraded the server, did you also upgrade mod_dav_svn only? No change has occurred on mod dav svn If this means that the Subversion libraries were upgraded, but mod_dav_svn was not, that may be the reason for your problem. It's not very likely, but is worth investigating. — Brane
RE: Can't access SVN repos from command Line: Server SSL certificate untrusted
From: Branko Čibej [mailto:br...@wandisco.com] Sent: Tuesday, November 26, 2013 11:17 AM On 26 Nov 2013 15:39, Mehdi Hayani hayani.mehdi...@gmail.com wrote: I've asked the other team and here is their response: When you upgraded the server, did you also upgrade mod_dav_svn only? No change has occurred on mod dav svn If this means that the Subversion libraries were upgraded, but mod_dav_svn was not, that may be the reason for your problem. It's not very likely, but is worth investigating. Sorry I just joined this discussion, and I don't have the history, but the subject caught my attention, and I happen to know something (usually a lot) about ssl certificates and so forth... What are the important details and/or original post that I'm missing? I'm only responding to the generic can't access SVN repos, certificate untrusted. I'm assuming you're using apache httpd, serving https, and I've certainly seen many situations where some slight variation in the way you install your server cert causes some clients (such as Chrome) to show the cert looking good... while other clients complain about the cert. (I've learned nothing, if not, that you need to test every version of every client on every platform that you care to support.) I'm making assumptions about your problem, and motivated to say: The most common reason for a cert to be accepted by one client and rejected by another client, is the ordering of the certificate chain. If you needed to concatenate some certs into cert file, the correct ordering is your local server cert, followed by intermediate, followed by root CA. But maybe I'm cluelessly talking about something unrelated to your actual problem. Sorry if so...
Can't access SVN repos from command Line: Server SSL certificate untrusted
Hi, After upgrading the version of our svn server from 1.7 to 1.8, I'm not able to access from command line, for example, if I run* svn co* followed by the project svn URL here is what I get: [root@FPROD ~]# svn list https://svn-repo/svn/repos/project/trunk Error validating server certificate for 'https://svn-repo:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! - The certificate hostname does not match. Certificate information: - Hostname: T02PROD - Valid: from Nov 11 07:23:00 2013 GMT until Nov 11 07:23:00 2014 GMT - Issuer: SomeOrganizationalUnit, SomeOrganization, SomeCity, SomeState, -- (root@T02PROD) - Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX (R)eject, accept (t)emporarily or accept (p)ermanently? p After accepting certificate, nothing shows and it remains planted until I tape* 'Ctrl + C* to cancel it. Before upgrading svn server version, this problem never shows up and when I tought that is was related to the upgrade, I found that from one of the machines, where installed version 1.6 of svn client, accessing svn repo works fine. The only thing that comes in mind seeing this is that there is some sort of incompatibility between svn client 1.7 and svn server 1.8, but I'm not sure, it may be also because something is missing in my svn client installation. Hope you could help me solving this issue. Thanks in Advance Regards, Mehdi
Re: Can't access SVN repos from command Line: Server SSL certificate untrusted
Mehdi Hayani wrote on Mon, Nov 25, 2013 at 11:25:24 +: - Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX (R)eject, accept (t)emporarily or accept (p)ermanently? p After accepting certificate, nothing shows and it remains planted until I tape* 'Ctrl + C* to cancel it. Did you press Enter after pressing p? Does it also happen if you pass --non-interactive --trust-server-cert to svn? (This is an attempt to rule out various timeout issues.) Before upgrading svn server version, this problem never shows up When you upgraded the server, did you also upgrade mod_dav_svn only? Or did you also upgrade httpd and/or openssl at the same time?
Re: Can't access SVN repos from command Line: Server SSL certificate untrusted
On Mon, Nov 25, 2013 at 3:50 PM, Daniel Shahaf d...@daniel.shahaf.name wrote: Mehdi Hayani wrote on Mon, Nov 25, 2013 at 11:25:24 +: - Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX (R)eject, accept (t)emporarily or accept (p)ermanently? p After accepting certificate, nothing shows and it remains planted until I tape* 'Ctrl + C* to cancel it. Did you press Enter after pressing p? Does it also happen if you pass --non-interactive --trust-server-cert to svn? (This is an attempt to rule out various timeout issues.) Before upgrading svn server version, this problem never shows up When you upgraded the server, did you also upgrade mod_dav_svn only? Or did you also upgrade httpd and/or openssl at the same time? Also, why not give the CA (internal/private or external) you use for svn-repo to the clients?
Re: Can't access SVN repos from command Line: Server SSL certificate untrusted
[Forwarding back to the list] Mehdi Hayani wrote on Mon, Nov 25, 2013 at 21:05:42 +: When you upgraded the server, did you also upgrade mod_dav_svn only? Or did you also upgrade httpd and/or openssl at the same time? I don't know what was done exactly during the update, because there is another team who take this in charge. But I would appreciate if you can tell me what's the difference between upgrading these packages You report something broke so everyone's first question is What changed?. Part of What changed? is what exactly was upgraded. Daniel (please keep the list in CC on replies)