Re: Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-27 Thread Daniel Shahaf 
Edward Ned Harvey (svn4) wrote on Wed, Nov 27, 2013 at 01:47:11 +:
 What are the important details and/or original post that I'm missing?

You could read the original post in the list archives...

http://svn.haxx.se/users/archive-2013-11/

Re: Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-26 Thread Mehdi Hayani 
Hello,

Regarding your question,

When you upgraded the server, did you also upgrade mod_dav_svn only?  Or
did you also upgrade httpd and/or openssl at the same time?

I've asked the other team and here is their response:

When you upgraded the server, did you also upgrade mod_dav_svn only?

No change has occurred on mod dav svn
did you also upgrade httpd and/or openssl at the same time?

After svn servers migration, we have installed openssl on the web frontal
machines(web server relocate all 443 request to SVN servers via apache mod
proxy module).This automatically upgraded some modules of apache (ex: mod
ssl).



Regards

Re: Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-26 Thread Branko Čibej 
On 26 Nov 2013 15:39, Mehdi Hayani hayani.mehdi...@gmail.com wrote:
 I've asked the other team and here is their response:

 When you upgraded the server, did you also upgrade mod_dav_svn only?

 No change has occurred on mod dav svn

If this means that the Subversion libraries were upgraded, but mod_dav_svn
was not, that may be the reason for your problem. It's not very likely, but
is worth investigating.

— Brane

RE: Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-26 Thread Edward Ned Harvey (svn4) 
 From: Branko Čibej [mailto:br...@wandisco.com]
 Sent: Tuesday, November 26, 2013 11:17 AM
 
 On 26 Nov 2013 15:39, Mehdi Hayani hayani.mehdi...@gmail.com
 wrote:
  I've asked the other team and here is their response:
 
  When you upgraded the server, did you also upgrade mod_dav_svn
 only?
 
  No change has occurred on mod dav svn
 If this means that the Subversion libraries were upgraded, but mod_dav_svn
 was not, that may be the reason for your problem. It's not very likely, but is
 worth investigating.

Sorry I just joined this discussion, and I don't have the history, but the 
subject caught my attention, and I happen to know something (usually a lot) 
about ssl certificates and so forth...  What are the important details and/or 
original post that I'm missing?  I'm only responding to the generic can't 
access SVN repos, certificate untrusted.

I'm assuming you're using apache httpd, serving https, and I've certainly seen 
many situations where some slight variation in the way you install your server 
cert causes some clients (such as Chrome) to show the cert looking good... 
while other clients complain about the cert.  (I've learned nothing, if not, 
that you need to test every version of every client on every platform that you 
care to support.) 

I'm making assumptions about your problem, and motivated to say:  The most 
common reason for a cert to be accepted by one client and rejected by another 
client, is the ordering of the certificate chain.  If you needed to concatenate 
some certs into cert file, the correct ordering is your local server cert, 
followed by intermediate, followed by root CA.

But maybe I'm cluelessly talking about something unrelated to your actual 
problem.  Sorry if so...

Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-25 Thread Mehdi Hayani 
Hi,

After upgrading the version of our svn server from 1.7 to 1.8, I'm not able
to access from command line, for example, if I run* svn co* followed by the
project svn URL here is what I get:

[root@FPROD ~]# svn list https://svn-repo/svn/repos/project/trunk
Error validating server certificate for 'https://svn-repo:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
 - The certificate hostname does not match.
Certificate information:
 - Hostname: T02PROD
 - Valid: from Nov 11 07:23:00 2013 GMT until Nov 11 07:23:00 2014 GMT
 - Issuer: SomeOrganizationalUnit, SomeOrganization, SomeCity, SomeState,
-- (root@T02PROD)
 - Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
(R)eject, accept (t)emporarily or accept (p)ermanently? p

After accepting certificate, nothing shows and it remains planted until I
tape* 'Ctrl + C* to cancel it.

Before upgrading svn server version, this problem never shows up and when I
tought that is was related to the upgrade, I found that from one of the
machines, where installed version 1.6 of svn client, accessing svn repo
works fine.

The only thing that comes in mind seeing this is that there is some sort of
incompatibility between svn client 1.7 and svn server 1.8, but I'm not
sure, it may be also because something is missing in my svn client
installation.


Hope you could help me solving this issue.

Thanks in Advance


Regards,
Mehdi

Re: Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-25 Thread Daniel Shahaf 
Mehdi Hayani wrote on Mon, Nov 25, 2013 at 11:25:24 +:
  - Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 (R)eject, accept (t)emporarily or accept (p)ermanently? p
 
 After accepting certificate, nothing shows and it remains planted until I
 tape* 'Ctrl + C* to cancel it.
 

Did you press Enter after pressing p?

Does it also happen if you pass --non-interactive --trust-server-cert to
svn?  (This is an attempt to rule out various timeout issues.)

 Before upgrading svn server version, this problem never shows up

When you upgraded the server, did you also upgrade mod_dav_svn only?  Or
did you also upgrade httpd and/or openssl at the same time?

Re: Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-25 Thread Mauricio Tavares 
On Mon, Nov 25, 2013 at 3:50 PM, Daniel Shahaf d...@daniel.shahaf.name wrote:
 Mehdi Hayani wrote on Mon, Nov 25, 2013 at 11:25:24 +:
  - Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 (R)eject, accept (t)emporarily or accept (p)ermanently? p

 After accepting certificate, nothing shows and it remains planted until I
 tape* 'Ctrl + C* to cancel it.


 Did you press Enter after pressing p?

 Does it also happen if you pass --non-interactive --trust-server-cert to
 svn?  (This is an attempt to rule out various timeout issues.)

 Before upgrading svn server version, this problem never shows up

 When you upgraded the server, did you also upgrade mod_dav_svn only?  Or
 did you also upgrade httpd and/or openssl at the same time?

  Also, why not give the CA (internal/private or external) you use
for svn-repo to the clients?

Re: Can't access SVN repos from command Line: Server SSL certificate untrusted

2013-11-25 Thread Daniel Shahaf 
[Forwarding back to the list]

Mehdi Hayani wrote on Mon, Nov 25, 2013 at 21:05:42 +:
 When you upgraded the server, did you also upgrade mod_dav_svn only?  Or
 did you also upgrade httpd and/or openssl at the same time?
 
 I don't know what was done exactly during the update, because there is
 another team who take this in charge.
 But I would appreciate if you can tell me what's the difference between
 upgrading these packages

You report something broke so everyone's first question is What
changed?.  Part of What changed? is what exactly was upgraded.

Daniel
(please keep the list in CC on replies)