From owner-freebsd-bugs@FreeBSD.ORG Wed May 28 07:20:00 2014 Return-Path: Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 80118C45 for ; Wed, 28 May 2014 07:20:00 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5D3AF24D3 for ; Wed, 28 May 2014 07:20:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4S7K0AC095731 for ; Wed, 28 May 2014 07:20:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4S7K04J095730; Wed, 28 May 2014 07:20:00 GMT (envelope-from gnats) Resent-Date: Wed, 28 May 2014 07:20:00 GMT Resent-Message-Id: <201405280720.s4S7K04J095730@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Leander Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E5C81C3A for ; Wed, 28 May 2014 07:19:32 +0000 (UTC) Received: from cgiserv.freebsd.org (cgiserv.freebsd.org [IPv6:2001:1900:2254:206a::50:4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D356324CC for ; Wed, 28 May 2014 07:19:32 +0000 (UTC) Received: from cgiserv.freebsd.org ([127.0.1.6]) by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s4S7JWUp045840 for ; Wed, 28 May 2014 07:19:32 GMT (envelope-from nobody@cgiserv.freebsd.org) Received: (from nobody@localhost) by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s4S7JWUm045836; Wed, 28 May 2014 07:19:32 GMT (envelope-from nobody) Message-Id: <201405280719.s4S7JWUm045836@cgiserv.freebsd.org> Date: Wed, 28 May 2014 07:19:32 GMT From: Leander To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: misc/190331: svnlite has a bug in https support / "--trust-server-cert" does not work X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2014 07:20:00 -0000 >Number: 190331 >Category: misc >Synopsis: svnlite has a bug in https support / "--trust-server-cert" does not work >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed May 28 07:20:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Leander >Release: FreeBSD 10.0-RELEASE >Organization: Private >Environment: FreeBSD Storage-03.NetOcean.Local 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: A full description can be found here: https://forums.freebsd.org/viewtopic.php?f=43&t=46620&p=260645#p260612 A short summary: snvlite does not treat the "--trust-server-cert" as described and expected. A server cert must currently be manually accepted before the combination of "--non-interactive --trust-server-cert" is doing its job eg. in a unattended script. svnlite checkout https://svn0.eu.FreeBSD.org/base/releng/10.0/ /usr/src --non-interactive --trust-server-cert svn: E230001: Unable to connect to a repository at URL 'https://svn0.eu.freebsd.org/base/releng/10.0' svn: E230001: Server SSL certificate untrusted >How-To-Repeat: # Ensure there is no old keys anymore which may corrupt the result ... [[ -d ~/.subversion ]] && mv ~/.subversion /tmp/ # Start a sync of the FreeBSD sources ... svnlite checkout https://svn0.eu.FreeBSD.org/base/releng/10.0/ /usr/src --non-interactive --trust-server-cert svn: E230001: Unable to connect to a repository at URL 'https://svn0.eu.freebsd.org/base/releng/10.0' svn: E230001: Server SSL certificate untrusted >Fix: A workaround is to save server keys once and implement them into ~/.subversion/ like eg. [[ -d ~/.subversion ]] && rm -r ~/.subversion mkdir -p -m 0755 ~/.subversion/auth/svn.ssl.server ( cat <<'EOF' K 10 ascii_cert V 2284 MIIGqzCCBJOgAwIBAgIJAN50OQRbgfDIMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFDASBgNVBAoTC0ZyZWVCU0Qub3JnMRMwEQYDVQQLEwpjbHVzdGVyYWRtMR8wHQYDVQQDExZzdm5taXIueXN2LkZyZWVCU0Qub3JnMSUwIwYJKoZIhvcNAQkBFhZjbHVzdGVyYWRtQEZyZWVCU0Qub3JnMB4XDTEzMDcyOTIyMDEyMVoXDTQwMTIxMzIyMDEyMVowgY0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRnJlZUJTRC5vcmcxEzARBgNVBAsTCmNsdXN0ZXJhZG0xHzAdBgNVBAMTFnN2bm1pci55c3YuRnJlZUJTRC5vcmcxJTAjBgkqhkiG9w0BCQEWFmNsdXN0ZXJhZG1ARnJlZUJTRC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMV94UpcQjtD0IhCnMhySdwq6V8FFwXwqZ7f3isAwWGYpXob4n/OWjHam7ZsFIb/37/ur7uGc3CRr2o0ke+kJr68RXVxctpJ0PT5TW39D/q97O97l52bqzxHdjPxEbNEs/QBs6NjujvUJZxrpo+6TPFKlT1E3qL1zoit75x/AQBVq34sJu7OG2464Wuc2w/e/F9gs8wI7+qQoImIZizksdD6fjPpqZpoNm0krtbaWJ7gOeFXTVyUFFMEFdaSEn25xCWibAvkHy7X5yPJrS6btKdE/i4O8RS1xlIq8L6TNZaIUJL43Gcq0CSMOALLU6o/I3mxJfL0OrHh/jIsTGb2A6mRoYgDDLNbDyzXCkDUI5bWVp0ucu13PgUJtBtdtJv5MEiZwMrUoFqTs4sZW6alj6d8tAniYMcfM9l0YOWKFmnopDxXyTBH+2kfYLU8wR/hMeRlOi9qwwK4dOZcQ1FqZN33ZDo6 sKFjFBS1qn82ncHrzomHopeJckJs0XrXebAGpW48IFbeV9bf3zrMcJFTbL8x6byJ8LAwHYlCZejLkpmla9ZsrUzeUk5eAldh2iB45hOcfBkb6kQyodYWjOBj3RYIz+7LlUuj0HtvSp+3oYLh+tLuFPRi63VdzBv6owykTxLRzdVFQTT8prqeAGyMXTSGXmM4aLnmyEft0TFdpltwIDAQABo4IBCjCCAQYwgesGA1UdEQSB4zCB4IIWc3ZubWlyLnlzdi5GcmVlQlNELm9yZ4IYc3ZuMC51cy1lYXN0LkZyZWVCU0Qub3Jnghhzdm4xLnVzLWVhc3QuRnJlZUJTRC5vcmeCGHN2bjAudXMtd2VzdC5GcmVlQlNELm9yZ4IYc3ZuMS51cy13ZXN0LkZyZWVCU0Qub3JnghNzdm4wLmV1LkZyZWVCU0Qub3JnghNzdm4xLmV1LkZyZWVCU0Qub3Jnghlzdm4wLmV1LW5vcnRoLkZyZWVCU0Qub3Jnghlzdm4xLmV1LW5vcnRoLkZyZWVCU0Qub3JnMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4ICAQBn8GGOpAf1dlDg4nojM/pkjDopwKfx2UXLg/3VwNaXHXmbd7V1DFfBJwBNaMUEXe/G33Gjkk756UhifCsKQyFCsJlURp+jtkL7QPN7NOd2v4Hmh6D1sEitoY5YKD2wjh6GrMLkYrirmMn5V/oj0/RjCtX8fBckox+Cb1DjGTBRJ6Qv7zA9K3IL3J8cqK41RZn6TzzEPI/bA/2nL3hZ+7DOIeuAbLsM164t7P9dCOSa9UX7l77I4Iwr9YjTBWC09vi4TxNvqYqg16skf6o3GEyYUo3y1G9haBMwnXkJxYQWEzTpldnHBlsZp4pqumbvBC7cL+VVng7AFX74xiOAk5Mylb9Q4k19X51sWf2nOHTQNqPMXimWU354+7NEbdeZmhGkef4fZt+I5Ge iPWb/DeZiXkbQIU/QEme/XNiy2Ca/0hX1oEO9C0ImUSL! I2DnT94E3cO+plcmC+8FXHAAlusyM16LnHLuZqHe5DF/e/W3USCV+2DoA9RIltJPsw8MpYsEFKkx1lVTA3BPOrT6t2cNjWjW0Pqs+B1raAjNjeKoKD+d0TGhoGAFzmMFblx5jt7+NuYVJgWL1kLV52UnabcyJWAPWobNDpt98JWVRHTa+yp92Jg/9zfccbaIE9xCWxgXj9/YyWIGeSVIBSFpWMz/rhwegVR+6PFgBF/7t/W0W5Q== K 8 failures V 2 12 K 15 svn:realmstring V 36 https://svn0.us-east.freebsd.org:443 END EOF ) > ~/.subversion/auth/svn.ssl.server/87ff8e8fd0384311d1630a5693b2abb5 chmod 0755 ~/.subversion/auth/svn.ssl.server/87ff8e8fd0384311d1630a5693b2abb5 svnlite checkout https://svn0.eu.FreeBSD.org/base/releng/10.0/ /usr/src --non-interactive --trust-server-cert A /usr/src/bin A /usr/src/bin/dd [...] >Release-Note: >Audit-Trail: >Unformatted: