Christian Plewnia wrote on Fri, Apr 12, 2013 at 11:41:34 +0200: > Hi, > > thank you for your reply. > > > Daniel Shahaf wrote on Thu, Apr 11, 2013 at 23:00:08 +0300: > > > Christian Plewnia wrote on Thu, Apr 11, 2013 at 20:51:26 +0200: > > > > Hi, > > > > > > > > I have been trying for some hours to use the ruby subversion binding to > > > > do a repository checkout. Unfortunately, the server certificate is not > > > > accepted: > > > > > > > > $ /.../script.rb > > > > /usr/lib/ruby/site_ruby/1.9.1/svn/util.rb:99:in `svn_client_checkout3': > > > > (Svn::Error::RaDavRequestFailed) > > > > Svn::Error::RaDavRequestFailed: OPTIONS of 'https://...': Server > > > > certificate verification failed: issuer is not trusted (https://...) > > > > from /usr/lib/ruby/site_ruby/1.9.1/svn/util.rb:99:in `checkout3' > > > > from /usr/lib/ruby/site_ruby/1.9.1/svn/client.rb:143:in > > > > `checkout' > > > > from /.../script.rb:22:in `<main>' > > > > > > > > Using the SVN client from command line I never faced any certificate > > > > issues (as far as I know the certificate is perfectly valid). However, > > > > I > > > > started looking for a way to make the ruby script accept the > > > > certificate. As to my knowledge there is no documentation for the ruby > > > > binding, so I looked into the ruby files of the ruby binding and into > > > > the documentation of the C binding but I could not find a solution. > > > > > > > > > > Look at svn_cmdline_create_auth_baton(). You need to pass > > > trust_server_cert=TRUE (in C terms) or implement a prompt provider that > > > answers affirmatively. > > > > > > (or reconfigure your SSL library to trust that certificate by default, > > > in a level below Subversion) > > > > > > > The script (see below) is taken from the best piece of documentation I > > > > could find in the web: > > > > > > > > http://www.markdeepwell.com/2010/06/ruby-subversion-bindings/ > > ... > > > > ctx = Svn::Client::Context.new() > > > > ctx.add_simple_provider > > > > ctx.auth_baton[Svn::Core::AUTH_PARAM_DEFAULT_USERNAME] = config_username > > > > ctx.auth_baton[Svn::Core::AUTH_PARAM_DEFAULT_PASSWORD] = config_password > > > > > > > > I haven't seen this script in your previous example. The issue here is > > that the "simple provider" only answers username/password prompts; you > > need to a separate provider that answers SSL server certificate prompts. > > I looked into the other providers. The Authenticatable module in the > Ruby binding provides the following methods: > > add_simple_provider > add_username_provider > add_ssl_client_cert_file_provider > add_ssl_client_cert_pw_file_provider > add_ssl_server_trust_file_provider > add_simple_prompt_provider > add_username_prompt_provider > add_ssl_server_trust_prompt_provider > add_ssl_client_cert_prompt_provider > add_ssl_client_cert_pw_prompt_provider > add_platform_specific_client_providers > > I thought the add_ssl_server_trust_prompt_provider() might be right for > solving my issue. However, this just lets me manipulate an
Agreed. > AuthCredSSLServerTrust object which I think maps to the C struct > svn_auth_cred_ssl_server_trust_t, which does not let me set something > like trust_server_cert in svn_cmdline_create_auth_baton(). > > So my problem is that I cannot find out how > svn_cmdline_create_auth_baton() is mapped in the Ruby binding. > I don't know. If it isn't mapped, you could send a patch that adds the mapping (http://subversion.apache.org/patches) or construct an auth_baton yourself and use that in your client context object. > > > > begin > > > > ctx.checkout(config_repository_url, config_output_path, > > > > config_revision.to_i, nil) > > > > rescue Svn::Error::CLIENT_UNRELATED_RESOURCES => e # revision > > > > doesn't exist > > > > raise "no such revision " + revision.to_s + " at " + repos_uri > > > > end > > > > ------------------------------------------------------------------------ > > > > Kinds regards > Christian
