Firstly, thanks for the very clear bug report.
Sören Bernstein wrote on Sat, 3 Jul 2010 at 09:04 -0000:
> Hello all
>
> since I've upgraded to subversion 1.6.11 found that there is a bug while
> accepting bad certs. This is also true for 1.6.12. I'm running gentoo stable
> amd64 and gentoo stable x86.
>
> While checking out a trunk from svn with a bad server cert, svn warns about
> it,but then it does not print the message with the options to except or
> dicard. Instead it sits and waits for user input, AFTER which it will show
> the
> input options.
>
> Subversion 1.6.9 does not have the error.
>
> Reproducible: Always
>
> Steps to Reproduce:
> 1. Install subversion 1.6.11
> 2. Checkout from a server with bad cert
> 3. Wait for the warning message of subversion
>
> Actual Results:
> Subversion will print the information about the bad certificate and waits for
> user input. After Input it will show the input options for the prior input.
>
> Expected Results:
> Subversion should print the input options before waiting for input.
>
> A svn trunk with broken server cert could be found at:
> https://svn.tabos.org/repos/ffgtk/trunk
>
I cannot reproduce this using either svn 1.6.12 or svn 1.7.0-dev
(>=r937607) on Windows, over neon, if I run
svn co https://svn.tabos.org/repos/ffgtk/trunk
then I get the following prompt:
[[[
Error validating server certificate for 'https://svn.tabos.org:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
- The certificate hostname does not match.
Certificate information:
- Hostname: *.krueger-it.net
- Valid: from Sat, 07 Feb 2009 13:02:12 GMT until Mon, 07 Feb 2011
13:02:12 GMT
- Issuer: http://www.cacert.org, Root CA
- Fingerprint: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
(R)eject, accept (t)emporarily or accept (p)ermanently?
]]]
Just to clarify, if you type 'R<newline>' blindly at the prompt, does svn
read that and proceed to (R)eject the certificate? (it should print an
error message)
