On Fri, Jul 19, 2019 at 7:41 AM Pierre Fourès <pierre.fou...@gmail.com> wrote: > > Hi all, > > I have a script accessing an old svn server whom SSL certificate have > expired a long time ago. Up to now, I was permanently accepting the > certificate on the first run of the script and then everything was > sailling smooth. I reinstalled a couple of months ago a new box where > this script was intented to run and the (p)ermanently option seems not > provided anymore.
Negotiating certificate trust can be fun. Can you sidestep the whole issue by switching to svn+sh? Or get new, signed certificates? > Thankfully, I still have the "old" running box to double-check, and > the (p)ermanently option is still present. Both boxes are Debian > Buster (but was installed as unstable, before the official release). > The (p)ermanently option was also present in svn on previous versions > of Debian. > > I can notice that the versions of svn changed between my old and new > box from 1.10.2 to 1.10.4. Nonetheless, I gave a look at the > change-log [1] and it doesn't seem specified this option has been > removed. I also gave a look on openssl version and it went upgraded > from 1.1.0h to 1.1.1b, but I have no clue to evaluate if the removal > of the (p)ermanently option is linked or not the openssl upgrade. > > If some of you have an hint and an half to explain how and why this > option disapeared, that would be really nice. I wonder if it was meant > or not, to see where I'm headed. > > More over, I would really appreciate if someone could share a solution > to still permanently accept the certificate on the new box, as for > now, I can't use this box and the old one should soon be > decommissioned. Stefan has correctly pointed out ways to get your client, at run-time, to accept failed certificates. But what is stopping you from replacing the certificate? > Best Regards, > Pierre > > [1] https://svn.apache.org/repos/asf/subversion/tags/1.10.4/CHANGES
