Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED]svn https:// results in The certificate has an un...
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
ew
n00b
n00b


Joined: 28 Aug 2004
Posts: 47

PostPosted: Thu Nov 05, 2009 11:05 am    Post subject: [SOLVED]svn https:// results in The certificate has an un... Reply with quote

I've got 2 boxes of gentoo here, running nearly the same software. In this case apr-1.3.9, apr-util-1.3.9, neon-0.29.0 and subversion-1.6.5 with the same use flags.

Running a simple "ls" command at work works fine:

Code:
% svn ls https://dev.int.example.net/
Error validating server certificate for 'https://dev.int.example.net:443':
 - The certificate hostname does not match.
Certificate information:
 - Hostname: *.example.net
 - Valid: from Mon, 11 Jun 2007 00:00:00 GMT until Wed, 15 Sep 2010 23:59:59 GMT
 - Issuer: Comodo CA Limited, Salford, Greater Manchester, GB
 - Fingerprint: d2:d6:76:ee:7c:b1:87:ce:28:6a:0e:eb:c5:03:87:30:cf:1d:a7:b9
(R)eject, accept (t)emporarily or accept (p)ermanently?


I can accept the certificate forever and that's fine. No more questions for me. :D

Running the same command at home brings me to this:

Code:
% svn ls https://dev.int.example.net/
Error validating server certificate for 'https://dev.int.example.net:443':
 - The certificate hostname does not match.
 - The certificate has expired.
 - The certificate has an unknown error.
Certificate information:
 - Hostname: *.example.net
 - Valid: from Mon, 11 Jun 2007 00:00:00 GMT until Wed, 15 Sep 2010 23:59:59 GMT
 - Issuer: Comodo CA Limited, Salford, Greater Manchester, GB
 - Fingerprint: d2:d6:76:ee:7c:b1:87:ce:28:6a:0e:eb:c5:03:87:30:cf:1d:a7:b9
(R)eject or accept (t)emporarily?


I've got 2 more error messages here and the option "'(p)ermanently" is missing. Why that? What can cause this?

Removing the ~/.subversion doesn't help. What I'm missing here? How do I solve this problem?


Last edited by ew on Fri Nov 06, 2009 11:31 am; edited 3 times in total
Back to top
View user's profile Send private message
Mike Hunt
Watchman
Watchman


Joined: 19 Jul 2009
Posts: 5287

PostPosted: Thu Nov 05, 2009 1:39 pm    Post subject: Reply with quote

Maybe the hangup is a preexisting condition in ~/.ssh/known_hosts - not sure.
Back to top
View user's profile Send private message
ew
n00b
n00b


Joined: 28 Aug 2004
Posts: 47

PostPosted: Thu Nov 05, 2009 2:48 pm    Post subject: Reply with quote

Mike Hunt wrote:
Maybe the hangup is a preexisting condition in ~/.ssh/known_hosts - not sure.

Thanks for your feedback.

I'm connecting via https:// and not svn+ssh:// so the ~/.ssh/known_hosts shouldn't be the problem here.
Back to top
View user's profile Send private message
Mike Hunt
Watchman
Watchman


Joined: 19 Jul 2009
Posts: 5287

PostPosted: Thu Nov 05, 2009 3:19 pm    Post subject: Reply with quote

I see, ok. There must be some sort of certificate cache somewhere. I remember a time when I needed to clear some mis-behaving certificates in firefox's advanced preferences.
Back to top
View user's profile Send private message
ew
n00b
n00b


Joined: 28 Aug 2004
Posts: 47

PostPosted: Thu Nov 05, 2009 9:36 pm    Post subject: Reply with quote

I've done some testing with "strace -fF -e trace=file svn ls $URL" to figure out the loading of files. The only filename that got something todo with SSL was "/etc/ssl/certs/ca-certificates.crt". And that file was the same on both servers.

So I blindly installed some stuff: openssl-0.9.8k-r1, apr-1.3.9, apr-util-1.3.9, neon-0.29.0 and subversion-1.6.5 (all the same version, no upgrade involved) and everything is working now.

I think the re-emerging openssl alone would do it too. We will never know! :D
Back to top
View user's profile Send private message
ew
n00b
n00b


Joined: 28 Aug 2004
Posts: 47

PostPosted: Fri Nov 06, 2009 8:25 am    Post subject: Reply with quote

Everything is back to non-working on one box and working on the other box. Maybe I swapped the boxes yesterday. It was late.

Reemerging openssl apr apr-util neon subversion is not working.

Any ideas? I'm confused. 8O
Back to top
View user's profile Send private message
ew
n00b
n00b


Joined: 28 Aug 2004
Posts: 47

PostPosted: Fri Nov 06, 2009 11:30 am    Post subject: Reply with quote

I've crossposted this to the subversion list and the solution was to downgrade to neon-0.28.X (in this case neon-0.28.6).

The option for accepting the certificate permanently appeared and it was working. Case closed.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum