Date: Wed, 28 May 2014 07:19:32 GMT From: Leander <mr-spott@gmx.de> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/190331: svnlite has a bug in https support / "--trust-server-cert" does not work Message-ID: <201405280719.s4S7JWUm045836@cgiserv.freebsd.org> Resent-Message-ID: <201405280720.s4S7K04J095730@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 190331 >Category: misc >Synopsis: svnlite has a bug in https support / "--trust-server-cert" does not work >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed May 28 07:20:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Leander >Release: FreeBSD 10.0-RELEASE >Organization: Private >Environment: FreeBSD Storage-03.NetOcean.Local 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: A full description can be found here: https://forums.freebsd.org/viewtopic.php?f=43&t=46620&p=260645#p260612 A short summary: snvlite does not treat the "--trust-server-cert" as described and expected. A server cert must currently be manually accepted before the combination of "--non-interactive --trust-server-cert" is doing its job eg. in a unattended script. svnlite checkout https://svn0.eu.FreeBSD.org/base/releng/10.0/ /usr/src --non-interactive --trust-server-cert svn: E230001: Unable to connect to a repository at URL 'https://svn0.eu.freebsd.org/base/releng/10.0' svn: E230001: Server SSL certificate untrusted >How-To-Repeat: # Ensure there is no old keys anymore which may corrupt the result ... [[ -d ~/.subversion ]] && mv ~/.subversion /tmp/ # Start a sync of the FreeBSD sources ... svnlite checkout https://svn0.eu.FreeBSD.org/base/releng/10.0/ /usr/src --non-interactive --trust-server-cert svn: E230001: Unable to connect to a repository at URL 'https://svn0.eu.freebsd.org/base/releng/10.0' svn: E230001: Server SSL certificate untrusted >Fix: A workaround is to save server keys once and implement them into ~/.subversion/ like eg. [[ -d ~/.subversion ]] && rm -r ~/.subversion mkdir -p -m 0755 ~/.subversion/auth/svn.ssl.server ( cat <<'EOF' K 10 ascii_cert V 2284 MIIGqzCCBJOgAwIBAgIJAN50OQRbgfDIMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFDASBgNVBAoTC0ZyZWVCU0Qub3JnMRMwEQYDVQQLEwpjbHVzdGVyYWRtMR8wHQYDVQQDExZzdm5taXIueXN2LkZyZWVCU0Qub3JnMSUwIwYJKoZIhvcNAQkBFhZjbHVzdGVyYWRtQEZyZWVCU0Qub3JnMB4XDTEzMDcyOTIyMDEyMVoXDTQwMTIxMzIyMDEyMVowgY0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRnJlZUJTRC5vcmcxEzARBgNVBAsTCmNsdXN0ZXJhZG0xHzAdBgNVBAMTFnN2bm1pci55c3YuRnJlZUJTRC5vcmcxJTAjBgkqhkiG9w0BCQEWFmNsdXN0ZXJhZG1ARnJlZUJTRC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMV94UpcQjtD0IhCnMhySdwq6V8FFwXwqZ7f3isAwWGYpXob4n/OWjHam7ZsFIb/37/ur7uGc3CRr2o0ke+kJr68RXVxctpJ0PT5TW39D/q97O97l52bqzxHdjPxEbNEs/QBs6NjujvUJZxrpo+6TPFKlT1E3qL1zoit75x/AQBVq34sJu7OG2464Wuc2w/e/F9gs8wI7+qQoImIZizksdD6fjPpqZpoNm0krtbaWJ7gOeFXTVyUFFMEFdaSEn25xCWibAvkHy7X5yPJrS6btKdE/i4O8RS1xlIq8L6TNZaIUJL43Gcq0CSMOALLU6o/I3mxJfL0OrHh/jIsTGb2A6mRoYgDDLNbDyzXCkDUI5bWVp0ucu13PgUJtBtdtJv5MEiZwMrUoFqTs4sZW6alj6d8tAniYMcfM9l0YOWKFmnopDxXyTBH+2kfYLU8wR/hMeRlOi9qwwK4dOZcQ1FqZN33ZDo6 sKFjFBS1qn82ncHrzomHopeJckJs0XrXebAGpW48IFbeV9bf3zrMcJFTbL8x6byJ8LAwHYlCZejLkpmla9ZsrUzeUk5eAldh2iB45hOcfBkb6kQyodYWjOBj3RYIz+7LlUuj0HtvSp+3oYLh+tLuFPRi63VdzBv6owykTxLRzdVFQTT8prqeAGyMXTSGXmM4aLnmyEft0TFdpltwIDAQABo4IBCjCCAQYwgesGA1UdEQSB4zCB4IIWc3ZubWlyLnlzdi5GcmVlQlNELm9yZ4IYc3ZuMC51cy1lYXN0LkZyZWVCU0Qub3Jnghhzdm4xLnVzLWVhc3QuRnJlZUJTRC5vcmeCGHN2bjAudXMtd2VzdC5GcmVlQlNELm9yZ4IYc3ZuMS51cy13ZXN0LkZyZWVCU0Qub3JnghNzdm4wLmV1LkZyZWVCU0Qub3JnghNzdm4xLmV1LkZyZWVCU0Qub3Jnghlzdm4wLmV1LW5vcnRoLkZyZWVCU0Qub3Jnghlzdm4xLmV1LW5vcnRoLkZyZWVCU0Qub3JnMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4ICAQBn8GGOpAf1dlDg4nojM/pkjDopwKfx2UXLg/3VwNaXHXmbd7V1DFfBJwBNaMUEXe/G33Gjkk756UhifCsKQyFCsJlURp+jtkL7QPN7NOd2v4Hmh6D1sEitoY5YKD2wjh6GrMLkYrirmMn5V/oj0/RjCtX8fBckox+Cb1DjGTBRJ6Qv7zA9K3IL3J8cqK41RZn6TzzEPI/bA/2nL3hZ+7DOIeuAbLsM164t7P9dCOSa9UX7l77I4Iwr9YjTBWC09vi4TxNvqYqg16skf6o3GEyYUo3y1G9haBMwnXkJxYQWEzTpldnHBlsZp4pqumbvBC7cL+VVng7AFX74xiOAk5Mylb9Q4k19X51sWf2nOHTQNqPMXimWU354+7NEbdeZmhGkef4fZt+I5Ge iPWb/DeZiXkbQIU/QEme/XNiy2Ca/0hX1oEO9C0ImUSL! I2DnT94E3cO+plcmC+8FXHAAlusyM16LnHLuZqHe5DF/e/W3USCV+2DoA9RIltJPsw8MpYsEFKkx1lVTA3BPOrT6t2cNjWjW0Pqs+B1raAjNjeKoKD+d0TGhoGAFzmMFblx5jt7+NuYVJgWL1kLV52UnabcyJWAPWobNDpt98JWVRHTa+yp92Jg/9zfccbaIE9xCWxgXj9/YyWIGeSVIBSFpWMz/rhwegVR+6PFgBF/7t/W0W5Q== K 8 failures V 2 12 K 15 svn:realmstring V 36 https://svn0.us-east.freebsd.org:443 END EOF ) > ~/.subversion/auth/svn.ssl.server/87ff8e8fd0384311d1630a5693b2abb5 chmod 0755 ~/.subversion/auth/svn.ssl.server/87ff8e8fd0384311d1630a5693b2abb5 svnlite checkout https://svn0.eu.FreeBSD.org/base/releng/10.0/ /usr/src --non-interactive --trust-server-cert A /usr/src/bin A /usr/src/bin/dd [...] >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405280719.s4S7JWUm045836>