dasony wrote on Fri, 25 Jun 2010 at 12:00 -0000:
> Hello,
>
> I have a https subversion server that has an expired and untrusted
> certificate, and for the time being, I have no way to fix it. I'd like
> my subversion client to ignore the errors and accept it. Usually in
> a case like this, there was an option for accepting a certificate
> permanently, but it's not there this time.
>
> Error validating server certificate for 'https://sc.snu.ac.kr:443':
>  - The certificate is not issued by a trusted authority. Use the
>    fingerprint to validate the certificate manually!
>  - The certificate has expired.
>  - The certificate has an unknown error.
> Certificate information:
>  - Hostname: [deleted]
>  - Valid: from Thu, 11 Sep 2008 01:32:15 GMT until Fri, 11 Sep 2009
>    01:32:15 GMT
>  - Issuer: [deleted]
>  - Fingerprint: [deleted]

It's pretty pointless to say [deleted] here since you didn't delete the
URL in the first line of the error message.

> (R)eject or accept (t)emporarily? t
>
> Is there any way to make it offer that option,

It will not offer "(p)ermanently" when an "unknown error" is reported.

> or for me to manually add it to the trusted list? I think I should add
> something to ~/.subversion/auth/svn.ssl.server/, but I am yet to find
> any document about this.
>

I am not sure this will work. And I strongly recommend that you don't
do it unless you know *exactly* which certificate you are permitting
(that warning message is there for a reason).

>

Still here? Okay. Let's see an example:

[[[
% cat ~/.subversion/auth/svn.ssl.simple/f54456629587b37334a88e776b1ceb0c
K 10
ascii_cert
V 1664
MII<<<...1658 more characters...>>>80=
K 8
failures
V 1
4
K 15
svn:realmstring
V 33
https://svn-master.apache.org:443
END
]]]

That's a serialized hash. The numbers after K and V are the number of
characters in the following line. The big base64'd value for
"ascii_cert" is the certificate itself.

The paranoid approach is to get the certificate from the server
administrators directly.

The non-paranoid approach is to grab the certificate presented by the
server and save it.

The third approach is to make Subversion offer the '(p)ermanently'
option anyway (this requires a source-code patch).

> I am using svn, version 1.6.6 (r40053) on Ubuntu Lucid.
>
> Thanks in advance.
>
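
The serialized-hash format described in the reply above, as an added example that is not part of the original thread: a Python parser for one cached entry that reports the realm, the certificate fingerprint and the failures recorded for it, so you can check exactly which certificate an entry trusts. The sample entry and its realm are constructed; the failure-bit names follow Subversion's svn_auth.h, and the fingerprint is assumed to be the SHA-1 of the decoded certificate, the form the svn prompt prints.

```python
import base64
import hashlib

# Failure bits from Subversion's svn_auth.h (SVN_AUTH_SSL_* constants).
FAILURE_BITS = {0x1: "not yet valid", 0x2: "expired", 0x4: "hostname mismatch",
                0x8: "unknown CA", 0x40000000: "other/unknown error"}

def parse_hash(data: bytes) -> dict:
    """Parse the K/V serialized hash; each length must match its line."""
    out, pos, key = {}, 0, None
    while True:
        eol = data.index(b"\n", pos)  # ValueError if the file is truncated
        header = data[pos:eol]
        if header == b"END":
            if key is not None:
                raise ValueError("key without value")
            return out
        tag, _, length = header.partition(b" ")
        if tag not in (b"K", b"V") or not length.isdigit():
            raise ValueError(f"bad header {header!r}")
        end = eol + 1 + int(length)
        body = data[eol + 1:end]
        if len(body) != int(length) or data[end:end + 1] != b"\n":
            raise ValueError("length does not match the following line")
        if (tag == b"K") != (key is None):
            raise ValueError("K and V records must alternate")
        if tag == b"K":
            key = body.decode()
        else:
            out[key], key = body, None
        pos = end + 1

def describe(entry: dict) -> dict:
    """Summarise which certificate a cache entry trusts, and for what."""
    der = base64.b64decode(entry["ascii_cert"], validate=True)
    sha1 = hashlib.sha1(der).hexdigest()
    mask = int(entry["failures"])
    return {"realm": entry["svn:realmstring"].decode(),
            "fingerprint": ":".join(sha1[i:i + 2] for i in range(0, 40, 2)),
            "accepted_failures": [n for b, n in FAILURE_BITS.items() if mask & b]}

# Constructed sample entry: placeholder bytes stand in for the DER certificate.
_CERT = base64.b64encode(b"constructed placeholder, not a real certificate")
SAMPLE = b"".join(b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v) for k, v in [
    (b"ascii_cert", _CERT), (b"failures", b"10"),
    (b"svn:realmstring", b"https://svn.example.invalid:443")]) + b"END\n"

if __name__ == "__main__":
    print(describe(parse_hash(SAMPLE)))
```

Run over a real cache file, the reported fingerprint can be compared against one obtained from the server administrators before the entry is left in place.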