You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Ryan Feiock <RF...@panpowered.com> on 2008/03/24 18:46:16 UTC

Subversionl, SSL, and web services

I have been running Subversion for a while in my automated build process
using SSL authentication with no issues.  I recently created a web
service that users can run to kick off a build remotely.  This web
service runs the build ok, but when it gets to the step to check out the
code from SVN, it fails with this message:

 

3/24/2008 1:59:59 PM: Building project step 'Update Common Scripts'...

svn.exe checkout https://test.com:8443/svn/repos-scm/trunk/scripts
--username user --password password C:\builds\repos-scm\trunk\scripts\

Error validating server certificate for 'https://test.com:8443':

 - The certificate is not issued by a trusted authority. Use the

   fingerprint to validate the certificate manually!

Certificate information:

 - Hostname: test.com

 - Valid: from Mon, 03 Dec 2007 22:35:15 GMT until Thu, 30 Nov 2017
22:35:15 GMT

 - Issuer: test.com

 - Fingerprint:
bc:24:60:ad:b2:32:9f:69:fd:b4:95:a2:34:e5:10:d9:ea:2f:c6:a7

(R)eject, accept (t)emporarily or accept (p)ermanently? svn: PROPFIND
request failed on '/svn/repos-scm/trunk/scripts'

svn: PROPFIND of '/svn/repos-scm/trunk/scripts': Server certificate
verification failed: issuer is not trusted (https://test.com:8443
<https://test.com:8443/> )

 

(I have changed the sensitive values for this posting)

 

It appears that the build process is running under the ASP .Net user
process which has not accepted the SSL certificate.  And since the build
is running in an automated fashion, I don't have the ability to tell it
to accept the certificate.  I have tried setting everything up to run as
a local user (switched the virtual directory to run as a local user,
setup the app pool to be local, etc.), but for some reason it is running
this process as the ASP .Net user.

 

So I guess my question is, without turning off SSL altogether, is there
some way I can accept this certificate or somehow authenticate this user
against SVN?

Re: Subversionl, SSL, and web services

Posted by John Peacock <jo...@havurah-software.org>.

Ryan Feiock wrote:
> So I guess my question is, without turning off SSL altogether, is there 
> some way I can accept this certificate or somehow authenticate this user 
> against SVN? 

Yes.  Put your public CA key in a PEM file and add a line to the ASP.net's 
HOME/.subversion/config telling Subversion to trust that CA:

	[global]
	ssl-authority-files=/path/to/ca.pem


HTH

John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org