top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Can't not confirm untrusted certificate using SVN

+1 vote
812 views

I am using TortoiseSVN 1.8.1,
Build 24570 - 32 Bit , 2013/07/22 18:28:29, Subversion 1.8.1, -release, apr 1.4.8, apr-util 1.5.2, serf 1.3.0, OpenSSL 1.0.1e 11 Feb 2013, zlib 1.2.8

I created batch file and want to call it from Jenkins CI.

The command line follows:

svn update --trust-server-cert --non-interactive --username UserName --password Password FolderName

If I run it from cmd.exe it is ok. But if I run it from Jankins, it fails with error:

svn: E230001: Unable to connect to a repository at URL 'https://server/path' svn: E230001: Server SSL certificate untrusted

I found similar question at SO http://stackoverflow.com/questions/17177405/svn-server-ssl-certificate-untrusted-from-post-commit-hook, but there is no answer for it. How can I fix the issue?

posted Aug 25, 2013 by Sonu Jindal

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

2 Answers

+1 vote

The --trust-server-cert option only overrides errors where the hostname does not match the CN given in the certificate. It does not override other error cases, such as expired certificates. Unfortunately, there is currently no way to ignore other error conditions.

I consider this is a bug. Subversion should allow for tolerating other SSL errors, too. But so far no fix has been implemented. So for now, you might need to ask the admins of the service to fix their cert.

answer Aug 25, 2013 by Luv Kumar
+1 vote

Finally I have managed to fix the issue.
The issue was because of CN mismatch to server name. Finally certificate with correct CN re-issued, nothing else helped.

answer Aug 27, 2013 by anonymous
Can you tell me the process followed?
Please ask a fresh question, its a old thread.
Similar Questions
+4 votes

We want to set up SSL client authentication and we will only have a single client that we want to allow through to the website.

Is it possible to allow just a single certificate to authenticate by just specifying that one cert in SSLCACertificateFile? i.e. without specifying the CA cert instead?

If so, would my SSLVerifyDepth then be zero?

Are there any reasons I might not have thought about why this isn't a good idea or any other considerations?

+4 votes

The ssl cert on my apache server have expired. It is actually a server at work - a important one as well so I'm a bit stressed at the moment.

The cert is renewed and I have received the cert files. I'm now trying to install them but I can't get it to work.

I thought it was as simple as just copying the new crt file to the server and restart apache but apache start fails.

I see this in the log:

509 certificate routines:X509_check_private_key:key values mismatch

Server: Apache 2.2.22 on Ubuntu 12.04. How does one install a renewed ssl cert? Do I need to create a new private key and ca-bundle? Please point me in the right direction.

0 votes

We have a situation where a few folks don't use --reintegrate option when performing SVN merge, while others do.
Whats
1- the consequence of not using --reintegrate option; can the feature branch continue to svn merge to trunk the 2nd time and thereafter ?
2- the impact on those feature branches that do use --reintegrate option; from what we read in the manual, that one cannot use this feature branches anymore.

0 votes

I created a repo using svnadmin create in a dir called trunk (that's what your supposed to do, right?) The operation succeeded but the files that I want to version (c source which I should have versioned long ago.)

I can't seem to add to the repo. When the code is ready for alpha release I plan to host it on source forge but until then It's just me working on the code and my online connection is intermittent so I decided to create my repo locally.

...