You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Chris Jensen <cj...@edex.com.au> on 2004/05/03 06:47:32 UTC
Can accept HTTPS certificate under windows
Hi,
I'm trying to setup a daily script to check if anything in a working
copy has changed without being committed to the repository, and send out
an email if that's the case. I've successfully set this up on a Linux
box. I'm now trying to set it up on a Windows 2000 server.
The repository is reached over a HTTPS connection using a self signed
certificate. This was no problem for the Linux box, the first time I
connected it asked me if I trusted the certificate, and I chose to
permanantly accept it - no troubles from there.
On the Windows 2000 box though, it only gives me the option to
temporarily trust the certificate, so I can't set up the script because
it requires interaction everytime its run.
Can anyone tell me why this is. I saw some other posts saying that the
permanent option wouldn't be available if the hostname in the
certificate didn't match - but in this case it does, and even if that
was the case, why is it ok to accept it under linux, but not Windows?
(Note, the Linux box has subversion 1.0.1 installed, while the Windows
box has 1.0.2 if that makes a difference)
--
---------------------------------------------------------------------
Chris Jensen cjensen@edex.com.au
Educational Experience (Australia)
Postal Address: PO Box 860, Newcastle NSW 2300
Freecall: 1-800-025 270 International: +61-2-4923 8222
Fax: (02) 4942 1991 International: +61-2-4942 1991
Visit our online Toy store! http://www.toysandmore.com.au/
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Cant accept HTTPS certificate under windows
Posted by Chris Jensen <cj...@edex.com.au>.
>> With a new install of subversion, I will type
>> svn co --username cjensen --no-auth-cache
>> https://subversion.edex.com.au/intra
>
>
> You're passing in the --no-auth-cache option, telling the client not to
> cache any credentials. That implies not storing server certificates.
Ahh, silly me. I thought this option only applied to my username and
password.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Cant accept HTTPS certificate under windows
Posted by Branko Čibej <br...@xbc.nu>.
Chris Jensen wrote:
>> I don't know about Gentoo, but I built the Windows binary you're
>> using, and I've not changed my setup since 1.0.0.
>
>
> I don't think it's something thats changed in the build, but rather in
> the design, as I'm seeing the same behaviour on the linux client (I
> haven't actually tried pre 1.0.2 versions on Windows)
>
>>> Can anyone tell me whats changed in 1.0.2 that's causing me not to
>>> be presented with this option?
>>> When mucking around with user profiles I did get it once, ironically
>>> it appeared when there was a problem with the profile, so nothing
>>> was getting saved, including the permanently accept decision.
>>
>>
>>
>> Can you post a transcript of what you're doing?
>
>
> With a new install of subversion, I will type
> svn co --username cjensen --no-auth-cache
> https://subversion.edex.com.au/intra
You're passing in the --no-auth-cache option, telling the client not to
cache any credentials. That implies not storing server certificates.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Cant accept HTTPS certificate under windows
Posted by Chris Jensen <cj...@edex.com.au>.
> I don't know about Gentoo, but I built the Windows binary you're using,
> and I've not changed my setup since 1.0.0.
I don't think it's something thats changed in the build, but rather in
the design, as I'm seeing the same behaviour on the linux client (I
haven't actually tried pre 1.0.2 versions on Windows)
>> Can anyone tell me whats changed in 1.0.2 that's causing me not to be
>> presented with this option?
>> When mucking around with user profiles I did get it once, ironically
>> it appeared when there was a problem with the profile, so nothing was
>> getting saved, including the permanently accept decision.
>
>
> Can you post a transcript of what you're doing?
With a new install of subversion, I will type
svn co --username cjensen --no-auth-cache
https://subversion.edex.com.au/intra
subversion.edex.com.au is using a self signed certificate (with a common
name of subversion.edex.com.au)
Under 1.0.1 on linux, I was asked if I wanted to temporarily or
permanently trust the server, or abort.
Under 1.0.2 on linux and windows, I was only offered the choice to
temporarily trust the server or abort.
Later, I was mucking around with user profiles (on Windows), and I tried
an "svn status -u", when I ran the command, the user had no profile, and
the profile was not writable, so presumably svn would not have been able
to find or create a subversion directory, and in this case it did offer
me the choice to permanantly trust the server (which is faily moot since
it couldn't actually save this trust anywhere.)
--
---------------------------------------------------------------------
Chris Jensen cjensen@edex.com.au
Educational Experience (Australia)
Postal Address: PO Box 860, Newcastle NSW 2300
Freecall: 1-800-025 270 International: +61-2-4923 8222
Fax: (02) 4942 1991 International: +61-2-4942 1991
Visit our online Toy store! http://www.toysandmore.com.au/
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Cant accept HTTPS certificate under windows
Posted by Branko Čibej <br...@xbc.nu>.
Chris Jensen wrote:
> Branko Čibej wrote:
>
>> Chris Jensen wrote:
>>
>>>> (Note, the Linux box has subversion 1.0.1 installed, while the
>>>> Windows box has 1.0.2 if that makes a difference)
>>>
>>> Yes, that would seem to be the difference, as I've now installed 1.0.2
>>> on another linux box and it won't let me permanently accept the
>>> certificate either.
>>> Why has this option been removed? What's the best way for me to work
>>> around this?
>>
>> This option has not been removed, as I've verified just now with the
>> 1.0.2 Windows client (btw, it's a client feature, not a server
>> feature). Maybe you should check with whoever built your binaries.
>
> The linux client was built under Gentoo and the windows client is from
> the -setup.exe binary from subversion.tigris.org
I don't know about Gentoo, but I built the Windows binary you're using,
and I've not changed my setup since 1.0.0.
> Can anyone tell me whats changed in 1.0.2 that's causing me not to be
> presented with this option?
> When mucking around with user profiles I did get it once, ironically
> it appeared when there was a problem with the profile, so nothing was
> getting saved, including the permanently accept decision.
Can you post a transcript of what you're doing?
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Cant accept HTTPS certificate under windows
Posted by Chris Jensen <cj...@edex.com.au>.
Branko Čibej wrote:
> Chris Jensen wrote:
>
>>> (Note, the Linux box has subversion 1.0.1 installed, while the
>>> Windows box has 1.0.2 if that makes a difference)
>>
>>
>> Yes, that would seem to be the difference, as I've now installed 1.0.2
>> on another linux box and it won't let me permanently accept the
>> certificate either.
>> Why has this option been removed? What's the best way for me to work
>> around this?
>
>
> This option has not been removed, as I've verified just now with the
> 1.0.2 Windows client (btw, it's a client feature, not a server feature).
> Maybe you should check with whoever built your binaries.
>
The linux client was built under Gentoo and the windows client is from
the -setup.exe binary from subversion.tigris.org
Can anyone tell me whats changed in 1.0.2 that's causing me not to be
presented with this option?
When mucking around with user profiles I did get it once, ironically it
appeared when there was a problem with the profile, so nothing was
getting saved, including the permanently accept decision.
--
---------------------------------------------------------------------
Chris Jensen cjensen@edex.com.au
Educational Experience (Australia)
Postal Address: PO Box 860, Newcastle NSW 2300
Freecall: 1-800-025 270 International: +61-2-4923 8222
Fax: (02) 4942 1991 International: +61-2-4942 1991
Visit our online Toy store! http://www.toysandmore.com.au/
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Cant accept HTTPS certificate under windows
Posted by Branko Čibej <br...@xbc.nu>.
Chris Jensen wrote:
>> (Note, the Linux box has subversion 1.0.1 installed, while the
>> Windows box has 1.0.2 if that makes a difference)
>
> Yes, that would seem to be the difference, as I've now installed 1.0.2
> on another linux box and it won't let me permanently accept the
> certificate either.
> Why has this option been removed? What's the best way for me to work
> around this?
This option has not been removed, as I've verified just now with the
1.0.2 Windows client (btw, it's a client feature, not a server feature).
Maybe you should check with whoever built your binaries.
$ svn --version
svn, version 1.0.2 (r9423)
compiled Apr 26 2004, 23:51:38
Copyright (C) 2000-2004 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).
The following repository access (RA) modules are available:
* ra_dav : Module for accessing a repository via WebDAV (DeltaV) protocol.
- handles 'http' schema
- handles 'https' schema
* ra_local : Module for accessing a repository on local disk.
- handles 'file' schema
* ra_svn : Module for accessing a repository using the svn network protocol.
- handles 'svn' schema
$ svn up
Error validating server certificate for 'https://svn.collab.net:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: svn.collab.net
- Valid: from Sep 22 21:21:47 2003 GMT until Sep 21 21:21:47 2007 GMT
- Issuer: CollabNet Chicago CA, Chicago, IL, US
- Fingerprint: d9:2a:03:7d:82:b4:21:cb:97:6c:21:33:a8:13:1d:0f:ef:f2:21:39
(R)eject, accept (t)emporarily or accept (p)ermanently? p
U Makefile.in
U COMMITTERS
U subversion\libsvn_ra_svn\cram.c
U subversion\libsvn_fs_fs\tree.c
U subversion\libsvn_fs_fs\fs_fs.c
U subversion\libsvn_fs_fs\fs_fs.h
U subversion\po\es.po
A subversion\po\pl.po
U tools\hook-scripts\verify-po.py
U packages\rpm\redhat-7.x\subversion.spec
U packages\rpm\redhat-8+\subversion.spec
U packages\rpm\wbel-3\subversion.spec
U packages\rpm\fedora-1\subversion.spec
Updated to revision 9643.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Cant accept HTTPS certificate under windows
Posted by Chris Jensen <cj...@edex.com.au>.
> (Note, the Linux box has subversion 1.0.1 installed, while the Windows
> box has 1.0.2 if that makes a difference)
Yes, that would seem to be the difference, as I've now installed 1.0.2
on another linux box and it won't let me permanently accept the
certificate either.
Why has this option been removed? What's the best way for me to work
around this?
--
---------------------------------------------------------------------
Chris Jensen cjensen@edex.com.au
Educational Experience (Australia)
Postal Address: PO Box 860, Newcastle NSW 2300
Freecall: 1-800-025 270 International: +61-2-4923 8222
Fax: (02) 4942 1991 International: +61-2-4942 1991
Visit our online Toy store! http://www.toysandmore.com.au/
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org