On Fri, Jul 19, 2019 at 01:40:52PM +0200, Pierre Fourès wrote:
> Hi all,
> 
> I have a script accessing an old svn server whose SSL certificate has
> expired a long time ago. Up to now, I was permanently accepting the
> certificate on the first run of the script and then everything was
> sailing smooth. I reinstalled a couple of months ago a new box where
> this script was intended to run and the (p)ermanently option seems not
> provided anymore.

If you're scripting 'svn' you should be using the --non-interactive option.

In which case your script can use the --trust-server-cert-failures
option to accept a cert in pre-determined failure cases.

'svn help update', for example, displays the following information
section about the --trust-server-cert-failures option:

  --trust-server-cert-failures ARG : with --non-interactive, accept SSL server
                             certificates with failures; ARG is comma-separated
                             list of 'unknown-ca' (Unknown Authority),
                             'cn-mismatch' (Hostname mismatch), 'expired'
                             (Expired certificate), 'not-yet-valid' (Not yet
                             valid certificate) and 'other' (all other not
                             separately classified certificate errors).

Once your script uses this option it should work out of the box against
your problematic server and there should be no need to save the cert.

Regards,
Stefan
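
The following is an added example, not part of the original message and not Subversion's own code. It is a POSIX shell wrapper that checks the failure list against the five values named in the help text above before calling svn, so a script that needs only 'expired' still fails on a hostname mismatch or an unknown CA. The function names `valid_failures` and `svn_ni` and the working-copy path in the comment are hypothetical.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the thread.

# Return 0 if $1 is a non-empty comma-separated list made up only of the
# failure types documented for --trust-server-cert-failures.
valid_failures() {
    rest="$1,"                      # trailing comma simplifies the loop
    while [ -n "$rest" ]; do
        tok=${rest%%,*}             # text before the first comma
        rest=${rest#*,}             # text after the first comma
        case $tok in
            unknown-ca|cn-mismatch|expired|not-yet-valid|other) ;;
            *)  # also catches empty tokens: "", "a,,b", "expired,"
                echo "rejected failure type: '$tok'" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Run svn non-interactively, tolerating only the listed certificate failures.
# Usage (constructed path): svn_ni expired update /srv/checkout/project
svn_ni() {
    failures=$1
    shift
    valid_failures "$failures" || return 2
    svn --non-interactive --trust-server-cert-failures "$failures" "$@"
}
```

Passing only `expired` keeps every other certificate check in force; each extra value in the list is one more failure the script will silently accept.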
