subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: Subversion Ruby Binding: Server certificate verification failed: issuer is not trusted
Date Thu, 11 Apr 2013 20:58:37 GMT
Daniel Shahaf wrote on Thu, Apr 11, 2013 at 23:00:08 +0300:
> Christian Plewnia wrote on Thu, Apr 11, 2013 at 20:51:26 +0200:
> > Hi,
> > 
> > I have been trying for some hours to use the ruby subversion binding to 
> > do a repository checkout. Unfortunately, the server certificate is not 
> > accepted: 
> > 
> > $ /.../script.rb
> > /usr/lib/ruby/site_ruby/1.9.1/svn/util.rb:99:in `svn_client_checkout3':  (Svn::Error::RaDavRequestFailed)
> > Svn::Error::RaDavRequestFailed: OPTIONS of 'https://...': Server certificate verification
failed: issuer is not trusted (https://...)
> >         from /usr/lib/ruby/site_ruby/1.9.1/svn/util.rb:99:in `checkout3'
> >         from /usr/lib/ruby/site_ruby/1.9.1/svn/client.rb:143:in `checkout'
> >         from /.../script.rb:22:in `<main>'
> > 
> > Using the SVN client from command line I never faced any certificate 
> > issues (as far as I know the certificate is perfectly valid). However, I 
> > started looking for a way to make the ruby script accept the 
> > certificate. As to my knowledge there is no documentation for the ruby 
> > binding, so I looked into the ruby files of the ruby binding and into 
> > the documentation of the C binding but I could not find a solution. 
> > 
> 
> Look at svn_cmdline_create_auth_baton().  You need to pass
> trust_server_cert=TRUE (in C terms) or implement a prompt provider that
> answers affirmatively.
> 
> (or reconfigure your SSL library to trust that certificate by default,
> in a level below Subversion)
> 
> > The script (see below) is taken from the best piece of documentation I 
> > could find in the web: 
> > 
> > http://www.markdeepwell.com/2010/06/ruby-subversion-bindings/
...
> > ctx = Svn::Client::Context.new()
> > ctx.add_simple_provider
> > ctx.auth_baton[Svn::Core::AUTH_PARAM_DEFAULT_USERNAME] = config_username
> > ctx.auth_baton[Svn::Core::AUTH_PARAM_DEFAULT_PASSWORD] = config_password
> > 

I haven't seen this script in your previous example.  The issue here is
that the "simple provider" only answers username/password prompts; you
need to a separate provider that answers SSL server certificate prompts.

> > begin
> > 	ctx.checkout(config_repository_url, config_output_path, config_revision.to_i, nil)
> > 	rescue Svn::Error::CLIENT_UNRELATED_RESOURCES => e # revision doesn't exist
> > 	raise "no such revision " + revision.to_s + " at " + repos_uri
> > end
> > ------------------------------------------------------------------------

Mime
View raw message