6

I am using websvn with a remote repository. This repository uses https protocol. After having configured websvn I get on the websvn webpage:

svn --non-interactive --config-dir /tmp list --xml --username '***' --password '***' 'https://scm.gforge.....'
OPTIONS of 'https://scm.gforge.....': Server certificate verification failed: issuer is not trusted

I don't know how to indicate to websvn to execute svn command in order to accept and to store the certificate. Does someone knows how to do it?

UPDATE:

It works! In order to have something which is well organized I have updated the WebSVN config file to relocate the subversion config directory to /etc/subversion which is the default path for debian:

$config->setSvnConfigDir('/etc/subversion');

In /etc/subversion/servers I have created a group and associated the certificate to trust:

[groups]
my_repo = my.repo.url.to.trust

[global]
ssl-trust-default-ca = true
store-plaintext-passwords = no

[my_repo]
ssl-authority-files = /etc/apache2/ssl/my.repo.url.to.trust.crt
Laurent
  • 321
  • 3
  • 14

2 Answers2

3

You have two possible methods available to resolve this.

Option 1:

su to the user websvn is running as and perform svn log https://your.secure.repo.com/repo/ against the target server. Subversion should then ask you to accept the certificate and you could choose to do so on a permanent basis. Then the cert will be okay to use.

Option 2:

Again, as the user the websvn process runs on, edit ~/.subversion/servers and add to the [global] section;

ssl-authority-files = /home/websvn/ssl/CAcert1.pem

If your after something quicky, then option 1 is the one to use, otherwise go for option two

Correction

As the poster pointed out in the command, svn is being called with the --config-dir option. This means that subversion will expect its configurations to be located in that directory, in this case /tmp. Thus copy the servers and config from ~/.subversion/ to /tmp directory and the subversion client will use those.

AJ01
  • 131
  • 9
  • This will work, but only if the OP is using *nix – Mark Henderson Jul 17 '10 at 21:53
  • This would be true, presumption was made as command refereed to /tmp. However on windows there is a .subversion settings for a user profile (%USERPROFILE%\Application Data\Subversion\\) but if your running it as a system account I am hazarding you could use the %APPDATA%\Subversion folder to accomplish the same. – AJ01 Jul 18 '10 at 00:41
  • I have tried both options without success – Laurent Jul 18 '10 at 10:34
  • Do you have the output from both or is it the same? Also I note you config dir is set to /tmp so add the file servers there. More specifically copy your modified servers file to /tmp/servers – AJ01 Jul 18 '10 at 10:38
3

There is a third, simpler option. It is possible to configure websvn to trust all server certificates. In include/config.php add or uncomment the following line:

$config->setTrustServerCert();
Dustin Ingram
  • 131
  • 2