You are viewing a plain text version of this content. The canonical link for it is here.
Posted to infrastructure-issues@apache.org by "Daniel Gruno (JIRA)" <ji...@apache.org> on 2014/12/09 17:41:12 UTC
[jira] [Resolved] (INFRA-8814) Different certs for svn.us/.eu mean
svn.geo redirection does not work properly
[ https://issues.apache.org/jira/browse/INFRA-8814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Gruno resolved INFRA-8814.
---------------------------------
Resolution: Fixed
Assignee: Daniel Gruno
All fixed with the new roll-out.
Sorry for the inconvenience!
> Different certs for svn.us/.eu mean svn.geo redirection does not work properly
> ------------------------------------------------------------------------------
>
> Key: INFRA-8814
> URL: https://issues.apache.org/jira/browse/INFRA-8814
> Project: Infrastructure
> Issue Type: Bug
> Components: Subversion
> Reporter: Sebb
> Assignee: Daniel Gruno
> Priority: Critical
>
> svn.apache.org resolves via svn.geo.apache.org to either svn.eu.a.o or svn.us.a.o
> By default the SVN client does not know about the CA cert that is used by the svn hosts; this can be overridden by accepting the certificate using the fingerprint as validation.
> This certificate etc. is stored in a file in .subversion/auth/svn.ssl.server/
> The file name is derived from the host name, rather than the IP address.
> [Looks like some kind of hash] So next time the URL is used SVN no longer needs to prompt.
> However this relies on the same certificate always being returned for a given host address.
> This is no longer the case, as the EU and US servers now have different certicates.
> So unless the svn.geo.a.o address always resolves to the same host for a given user, the SVN client will no longer be able to login without user intervention.
> I have tried this locally (by defining different IPs for svn.apache.org) and the SVN client prompts each time svn.apache.org is swapped between EU and US.
> There is no guarantee that svn.a.o will always return the same IP address.
> Especially on a system that may connect via different ISPs or with dynamic IPs. Even my fixed IP gets different values at different times.
> This causes lots of problems.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)