subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <nka...@gmail.com>
Subject Re: Is Permanently Accept SSL Certificate gone in 1.10.4 ?
Date Sat, 20 Jul 2019 14:55:36 GMT
On Fri, Jul 19, 2019 at 7:41 AM Pierre Four├Ęs <pierre.foures@gmail.com> wrote:
>
> Hi all,
>
> I have a script accessing an old svn server whom SSL certificate have
> expired a long time ago. Up to now, I was permanently accepting the
> certificate on the first run of the script and then everything was
> sailling smooth. I reinstalled a couple of months ago a new box where
> this script was intented to run and the (p)ermanently option seems not
> provided anymore.

Negotiating certificate trust can be fun. Can you sidestep the whole
issue by switching to svn+sh? Or get new, signed certificates?

> Thankfully, I still have the "old" running box to double-check, and
> the (p)ermanently option is still present. Both boxes are Debian
> Buster (but was installed as unstable, before the official release).
> The (p)ermanently option was also present in svn on previous versions
> of Debian.
>
> I can notice that the versions of svn changed between my old and new
> box from 1.10.2 to 1.10.4. Nonetheless, I gave a look at the
> change-log [1] and it doesn't seem specified this option has been
> removed. I also gave a look on openssl version and it went upgraded
> from 1.1.0h to 1.1.1b, but I have no clue to evaluate if the removal
> of the (p)ermanently option is linked or not the openssl upgrade.
>
> If some of you have an hint and an half to explain how and why this
> option disapeared, that would be really nice. I wonder if it was meant
> or not, to see where I'm headed.
>
> More over, I would really appreciate if someone could share a solution
> to still permanently accept the certificate on the new box, as for
> now, I can't use this box and the old one should soon be
> decommissioned.

Stefan has correctly pointed out ways to get your client, at run-time,
to accept failed certificates. But what is stopping you from replacing
the certificate?

> Best Regards,
> Pierre
>
> [1] https://svn.apache.org/repos/asf/subversion/tags/1.10.4/CHANGES

Mime
View raw message