You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by solo turn <so...@yahoo.com> on 2003/05/07 12:54:51 UTC
windows and ssl-ignore-unknown-ca = true
how do i set ssl-ignore-unknown-ca = true on windows? it would be
great, if the example registry file in the download area contains
these options too ...
i tried to enter it in the registry with true, 1, 0, but it seems not
to take it.
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by Brian Denny <br...@briandenny.net>.
On Wed, May 07, 2003 at 08:45:01AM -0700, solo turn wrote:
> i did:
> - svn mkdir http://bla/trunk/d1 -m ""
> svn mkdir http://bla/trunk/d2 -m ""
> - copy the working "servers" file from unix to w2k
> (unix, v 0.22 dev build)
> - try true, yes, 0, 1
> - svn up
>
Try this:
Blow away your entire
C:\Documents and Settings\User\Application Data\Subversion
folder, run svn and it will automatically get re-created.
Then look in that folder for the 'servers' file, find the appropriate
lines in that file and change their values.
-brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by Ben Collins-Sussman <su...@collab.net>.
solo turn <so...@yahoo.com> writes:
> - copy the working "servers" file from unix to w2k
What does that mean? Copied it *where*?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
[re-post] Re: windows and ssl-ignore-unknown-ca = true
Posted by Chris Foote <Ch...@xtra.co.nz>.
For some reason this didn't make it to the list, so I'm reposting it.
----- Original Message -----
From: "mark benedetto king" <mb...@boredom.org>
To: "Chris Foote" <Ch...@v21.me.uk>
Cc: "solo turn" <so...@yahoo.com>; "Ben Collins-Sussman" <su...@collab.net>;
<de...@subversion.tigris.org>
Sent: Thursday, May 08, 2003 2:38 PM
Subject: Re: windows and ssl-ignore-unknown-ca = true
>
> I agree that this patch will solve problems with CRNL streams without
> causing trouble for NL streams. Aren't there CR-only streams (Macintosh)?
>
> Can stdin be opened in text mode, leaving the CRNL/CR/NL->NL translation to
> the OS libraries?
>
How about this then, it uses the APR_EOL_STR macro.
Would this work on the Mac?
Log:
Prevent leaving half of the '\r\n' win32 newline sequence in stdin when prompting.
* prompt.c:
(svn_cl__prompt_user): Finish reading stdin on '\n' and continue when getting
a '\r'.
Index: subversion/clients/cmdline/prompt.c
===================================================================
--- subversion/clients/cmdline/prompt.c (revision 5854)
+++ subversion/clients/cmdline/prompt.c (working copy)
@@ -67,6 +67,7 @@
if (! hide)
{
+ const char* eol = APR_EOL_STR;
fprintf (stderr, "%s", prompt_native);
fflush (stderr);
@@ -75,8 +76,19 @@
status = apr_file_getc (&c, fp);
if (status && ! APR_STATUS_IS_EOF(status))
return svn_error_create (status, NULL, "error reading stdin.");
- if ((c == '\n') || (c == '\r'))
- break;
+
+ if (c == *eol)
+ {
+ if (eol[1] == '\0')
+ break;
+ else
+ {
+ ++eol;
+ continue;
+ }
+ }
+ else
+ eol = APR_EOL_STR;
svn_stringbuf_appendbytes (strbuf, &c, 1);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by cm...@collab.net.
mark benedetto king <mb...@boredom.org> writes:
> On Wed, May 07, 2003 at 09:51:46PM +0100, Chris Foote wrote:
> > This looks very similar to the bug I posted a patch for a few weeks ago.
> >
> > http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=35950
> >
>
> I agree that this patch will solve problems with CRNL streams without
> causing trouble for NL streams. Aren't there CR-only streams (Macintosh)?
Hm. Not trying to fuss, just some kindly advice -- maybe consider
using "LF" (linefeed) in your terminology instead of "NL"? Took me a
second to realize what you were talking about. Subversion refers
consistently to CR, LF, and CRLF.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by mark benedetto king <mb...@boredom.org>.
On Wed, May 07, 2003 at 09:51:46PM +0100, Chris Foote wrote:
> This looks very similar to the bug I posted a patch for a few weeks ago.
>
> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=35950
>
I agree that this patch will solve problems with CRNL streams without
causing trouble for NL streams. Aren't there CR-only streams (Macintosh)?
Can stdin be opened in text mode, leaving the CRNL/CR/NL->NL translation to
the OS libraries?
--ben
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by Chris Foote <Ch...@v21.me.uk>.
This looks very similar to the bug I posted a patch for a few weeks ago.
http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=35950
Regards,
Chris
----- Original Message -----
From: "solo turn" <so...@yahoo.com>
To: "Ben Collins-Sussman" <su...@collab.net>
Cc: "svn" <de...@subversion.tigris.org>
Sent: Wednesday, May 07, 2003 4:45 PM
Subject: Re: windows and ssl-ignore-unknown-ca = true
> i did:
> - svn mkdir http://bla/trunk/d1 -m ""
> svn mkdir http://bla/trunk/d2 -m ""
> - copy the working "servers" file from unix to w2k
> (unix, v 0.22 dev build)
> - try true, yes, 0, 1
> - svn up
>
> v0.21, w2k, acts as following, for all cases:
>
> $ svn up
> Error validating server certificate: Unknown certificate issuer,
> Hostname mismatch. Accept? (y/N): y
> A d1
> Error validating server certificate: Unknown certificate issuer,
> Hostname mismatch. Accept? (y/N): svn: RA layer request failed
>
> bugs:
> - it asks
> - it does not wait for an answer,
> when it asks a second time
> - it stops, and leaves the working
> copy in an inconsistent state
> (you have to delete d1)
>
>
> --- Ben Collins-Sussman <su...@collab.net> wrote:
> > solo turn <so...@yahoo.com> writes:
> >
> > > i tried to enter it in the registry with true, 1, 0, but it seems
> > not
> > > to take it.
> >
> > Did you try "yes", as the svn book demonstrates?
> >
> > Also, you don't need to use the registry at all. You can edit a
> > normal 'servers' config file. This is also discussed in the book:
> >
> > "On Win32 systems, Subversion creates a folder named
> > Subversion,
> > typically inside the Application Data area of the user's
> > profile
> > directory. However, on this platform the exact location
> > differs
> > from system to system, and is dictated by the Windows
> > registry."
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
>
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by Patrick Mayweg <ma...@qint.de>.
Hi Solo,
just to return to your original question, I am attaching a registry
export file which works for https://svn.collab.net
Cheers,
Patrick
solo turn wrote:
>thanks! with this option it works.
>
>but:
>if you don't set these options, it does not work. i do not think the
>file is the cause, it works for the proxy entries. and it behaves
>like this if you store the values in the registry too ... so it seems
>to be buglet ;)
>
>in general:
>i think these ssl options could be simpler. one option to continue or
>not should be sufficient.
>
>why? if you have a special case to trust, enter it in a dedicated
>section, or you install the issuers certificate.
>
>-s.
>
>--- Patrick Mayweg <ma...@qint.de> wrote:
>
>
>>Hi Solo,
>>you have to set ssl-ignore-host-mismatch = true and
>>ssl-ignore-unknown-ca = true because your CA is not know and the
>>name in
>>the certificate does not match the name you specified in the url.
>>For
>>copying the file from unix, I fear that the different EOL maybe a
>>source
>>of problems.
>>Regards,
>>Patrick
>>
>>
>>
Re: windows and ssl-ignore-unknown-ca = true
Posted by solo turn <so...@yahoo.com>.
thanks! with this option it works.
but:
if you don't set these options, it does not work. i do not think the
file is the cause, it works for the proxy entries. and it behaves
like this if you store the values in the registry too ... so it seems
to be buglet ;)
in general:
i think these ssl options could be simpler. one option to continue or
not should be sufficient.
why? if you have a special case to trust, enter it in a dedicated
section, or you install the issuers certificate.
-s.
--- Patrick Mayweg <ma...@qint.de> wrote:
> Hi Solo,
> you have to set ssl-ignore-host-mismatch = true and
> ssl-ignore-unknown-ca = true because your CA is not know and the
> name in
> the certificate does not match the name you specified in the url.
> For
> copying the file from unix, I fear that the different EOL maybe a
> source
> of problems.
> Regards,
> Patrick
>
> solo turn wrote:
>
> >i did:
> >- svn mkdir http://bla/trunk/d1 -m ""
> > svn mkdir http://bla/trunk/d2 -m ""
> >- copy the working "servers" file from unix to w2k
> > (unix, v 0.22 dev build)
> >- try true, yes, 0, 1
> >- svn up
> >
> >v0.21, w2k, acts as following, for all cases:
> >
> >$ svn up
> >Error validating server certificate: Unknown certificate issuer,
> >Hostname mismatch. Accept? (y/N): y
> >A d1
> >Error validating server certificate: Unknown certificate issuer,
> >Hostname mismatch. Accept? (y/N): svn: RA layer request failed
> >
> >bugs:
> >- it asks
> >- it does not wait for an answer,
> > when it asks a second time
> >- it stops, and leaves the working
> > copy in an inconsistent state
> > (you have to delete d1)
> >
> >
> >--- Ben Collins-Sussman <su...@collab.net> wrote:
> >
> >
> >>solo turn <so...@yahoo.com> writes:
> >>
> >>
> >>
> >>>i tried to enter it in the registry with true, 1, 0, but it
> seems
> >>>
> >>>
> >>not
> >>
> >>
> >>>to take it.
> >>>
> >>>
> >>Did you try "yes", as the svn book demonstrates?
> >>
> >>Also, you don't need to use the registry at all. You can edit a
> >>normal 'servers' config file. This is also discussed in the
> book:
> >>
> >> "On Win32 systems, Subversion creates a folder named
> >>Subversion,
> >> typically inside the Application Data area of the user's
> >>profile
> >> directory. However, on this platform the exact location
> >>differs
> >> from system to system, and is dictated by the Windows
> >>registry."
> >>
> >>
> >>
> >>
>
>---------------------------------------------------------------------
> >
> >
> >>To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> >>For additional commands, e-mail: dev-help@subversion.tigris.org
> >>
> >>
> >>
> >
> >
> >__________________________________
> >Do you Yahoo!?
> >The New Yahoo! Search - Faster. Easier. Bingo.
> >http://search.yahoo.com
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> >For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
> >
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by Patrick Mayweg <ma...@qint.de>.
Hi Solo,
you have to set ssl-ignore-host-mismatch = true and
ssl-ignore-unknown-ca = true because your CA is not know and the name in
the certificate does not match the name you specified in the url. For
copying the file from unix, I fear that the different EOL maybe a source
of problems.
Regards,
Patrick
solo turn wrote:
>i did:
>- svn mkdir http://bla/trunk/d1 -m ""
> svn mkdir http://bla/trunk/d2 -m ""
>- copy the working "servers" file from unix to w2k
> (unix, v 0.22 dev build)
>- try true, yes, 0, 1
>- svn up
>
>v0.21, w2k, acts as following, for all cases:
>
>$ svn up
>Error validating server certificate: Unknown certificate issuer,
>Hostname mismatch. Accept? (y/N): y
>A d1
>Error validating server certificate: Unknown certificate issuer,
>Hostname mismatch. Accept? (y/N): svn: RA layer request failed
>
>bugs:
>- it asks
>- it does not wait for an answer,
> when it asks a second time
>- it stops, and leaves the working
> copy in an inconsistent state
> (you have to delete d1)
>
>
>--- Ben Collins-Sussman <su...@collab.net> wrote:
>
>
>>solo turn <so...@yahoo.com> writes:
>>
>>
>>
>>>i tried to enter it in the registry with true, 1, 0, but it seems
>>>
>>>
>>not
>>
>>
>>>to take it.
>>>
>>>
>>Did you try "yes", as the svn book demonstrates?
>>
>>Also, you don't need to use the registry at all. You can edit a
>>normal 'servers' config file. This is also discussed in the book:
>>
>> "On Win32 systems, Subversion creates a folder named
>>Subversion,
>> typically inside the Application Data area of the user's
>>profile
>> directory. However, on this platform the exact location
>>differs
>> from system to system, and is dictated by the Windows
>>registry."
>>
>>
>>
>>
>---------------------------------------------------------------------
>
>
>>To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
>>For additional commands, e-mail: dev-help@subversion.tigris.org
>>
>>
>>
>
>
>__________________________________
>Do you Yahoo!?
>The New Yahoo! Search - Faster. Easier. Bingo.
>http://search.yahoo.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
>For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by solo turn <so...@yahoo.com>.
i did:
- svn mkdir http://bla/trunk/d1 -m ""
svn mkdir http://bla/trunk/d2 -m ""
- copy the working "servers" file from unix to w2k
(unix, v 0.22 dev build)
- try true, yes, 0, 1
- svn up
v0.21, w2k, acts as following, for all cases:
$ svn up
Error validating server certificate: Unknown certificate issuer,
Hostname mismatch. Accept? (y/N): y
A d1
Error validating server certificate: Unknown certificate issuer,
Hostname mismatch. Accept? (y/N): svn: RA layer request failed
bugs:
- it asks
- it does not wait for an answer,
when it asks a second time
- it stops, and leaves the working
copy in an inconsistent state
(you have to delete d1)
--- Ben Collins-Sussman <su...@collab.net> wrote:
> solo turn <so...@yahoo.com> writes:
>
> > i tried to enter it in the registry with true, 1, 0, but it seems
> not
> > to take it.
>
> Did you try "yes", as the svn book demonstrates?
>
> Also, you don't need to use the registry at all. You can edit a
> normal 'servers' config file. This is also discussed in the book:
>
> "On Win32 systems, Subversion creates a folder named
> Subversion,
> typically inside the Application Data area of the user's
> profile
> directory. However, on this platform the exact location
> differs
> from system to system, and is dictated by the Windows
> registry."
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: windows and ssl-ignore-unknown-ca = true
Posted by Ben Collins-Sussman <su...@collab.net>.
solo turn <so...@yahoo.com> writes:
> i tried to enter it in the registry with true, 1, 0, but it seems not
> to take it.
Did you try "yes", as the svn book demonstrates?
Also, you don't need to use the registry at all. You can edit a
normal 'servers' config file. This is also discussed in the book:
"On Win32 systems, Subversion creates a folder named Subversion,
typically inside the Application Data area of the user's profile
directory. However, on this platform the exact location differs
from system to system, and is dictated by the Windows registry."
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org