When connecting to Subversion repositories using SSL connections the SVN client checks the server certificate if it is not expired, if it’s host description matches the host of the repository and if the authority which signed the certificate is trusted.

If the certificate fails to comply with any of the above rules the SVN client will respond with a message such as this one:

Error validating server certificate for ‘https://hostname:443′:
– The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
– Hostname: hostname
– Valid: from Tue, 16 Feb 2010 16:58:39 GMT until Fri, 14 Feb 2020 16:58:39 GMT
– Issuer: company.com, London, Berkshire, GB
– Fingerprint: d5:4e:d8:12:33:12:a5:f1:18:91:77:40:c4:77:3b:0b:f8:51:71:cd
(R)eject, accept (t)emporarily or accept (p)ermanently?

The certificate can still be accepted permanently manually. It may not be a solution if SVN commands are issued by non interactive processes. For example a PHP script run by apache trying to export a branch from the repository.

Certificates signed by trusted authorities such as Verisign should not have any problems. But self signed certificates will not be recognized by the SVN client which in turn will respond with the response above. Self signed certificates can be be made trusted by the SVN client by using the ssl-authority-files configuration option:

ssl-authority-files = /home/void/.subversion/company.crt

The configuration file named servers which holds this configuration option can be stored in multiple locations on the filesystem. First the Subversion client will try to look for it in the home folder of the user that is executing the SVN command. Users such as apache will most likely not have a home folder. In such cases SVN tries to look for the servers file in the /etc/subversion directory. It may or may not exist depending on the OS distribution flavour. For example it exits on Ubuntu but does not exist on CentOS a flavour of RedHat.

Subversion Self Signed Certificates的更多相关文章

  1. What is SSL and what are Certificates?

    Refer to http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html The content 1.2. What is SSL and ...

  2. 【原】AFNetworking源码阅读(六)

    [原]AFNetworking源码阅读(六) 本文转载请注明出处 —— polobymulberry-博客园 1. 前言 这一篇的想讲的,一个就是分析一下AFSecurityPolicy文件,看看AF ...

  3. IOS开发基础知识--碎片51

    1:https关闭证书跟域名的验证 AFSecurityPolicy *securityPolicy = [AFSecurityPolicy defaultPolicy]; securityPolic ...

  4. 通读AFN③--HTTPS访问控制(AFSecurityPolicy),Reachability(AFNetworkReachabilityManager)

    这一篇主要介绍使用AFN如何访问HTTPS网站以及这些做法的实现原理,还有介绍AFN的网络状态监测部分AFNetworkReachabilityManager,这个模块会和苹果官方推荐的Reachab ...

  5. AFNetworking 3.0 源码解读(二)之 AFSecurityPolicy

    在我们平时的开发中,对网络连接安全方面所做的努力,应该占据很重要的位置. 在解释AFSecurityPolicy之前,我们先把基础的http/https 知识简单的普及一下.获取这方面的信息可通过这本 ...

  6. Step by Step 配置使用HTTPS的ASP.NET Web应用

    原创地址:http://www.cnblogs.com/jfzhu/p/4064654.html 转载请注明出处 有关HTTPS.SSL以及SSL证书的工作原理,参见 <HTTPS那些事(一)H ...

  7. AFNetworking之于https认证

    写在开头: 本来这篇内容准备写在AFNetworking到底做了什么?(三)中的,但是因为我想在三中完结这个系列,碍于篇幅所限.并且这一块内容独立性比较强,所以单独拎出来,写成一篇. 本文从源码的角度 ...

  8. 8.openssl req

    数字证书申请和生成工具.也可以为根CA自行签署证书. 该命令中很多值.属性.格式或默认值都在config文件openssl.cnf中指定. [root@xuexi ~]# man req NAME r ...

  9. 介绍开源的.net通信框架NetworkComms框架 源码分析(二十三 )TCPConnection

    原文网址: http://www.cnblogs.com/csdev Networkcomms 是一款C# 语言编写的TCP/UDP通信框架  作者是英国人  以前是收费的 目前作者已经开源  许可是 ...

随机推荐

  1. Linux常用命令 (转载自大牛笔记 --- http://www.weixuehao.com)

    Linux简介及Ubuntu安装 常见指令 系统管理命令 打包压缩相关命令 关机/重启机器 Linux管道 Linux软件包管理 vim使用 用户及用户组管理 文件权限管理 大牛笔记-www.weix ...

  2. bzoj 4447 小凸解密码

    bzoj 4447 小凸解密码 先将原始状态的 \(B\) 处理出来,可以发现,若不修改,则每次指定的起始位置不同,对这个环 \(B\) 带来的影响只有 \(B_0\) 不同,即每次 \(B_0=A_ ...

  3. Codeforces 815C. Karen and Supermarket【树形DP】

    LINK 思路 首先发现依赖关系是一个树形的结构 然后因为直接算花多少钱来统计贡献不是很好 因为数组开不下 那就可以算一个子树里面选多少个的最小代价就可以了 注意统计贡献的时候用优惠券的答案只能在1号 ...

  4. Scala的=>作用

    举例: var increase = (x: Int) => x + 1 increase(10) res0: Int = 11 类似于转化符号,=>指明这个函数把左边的东西(任何整数x) ...

  5. 高度注意 Map 类集合 K/V 能不能存储 null 值的情况

    集合类 Key Value Super 说明 Hashtable 不允许为 null 不允许为 null Dictionary 线程安全 ConcurrentHashMap 不允许为 null 不允许 ...

  6. ubuntu scrapy 开发环境搭建

    我的版本是14.04 1.更新系统  ##如果系统没有换国内下载路径需要换下系统的更新下载路径 http://www.cnblogs.com/seablog/p/7043798.html sudo a ...

  7. Tornador之初识(一)

    一.最简单的web服务器 import socket def handle_request(client): buf = client.recv(1024) client.send("HTT ...

  8. vue踩坑记录

    一.element resetFields 方法报错 网上查的解决方案 resetForm(formName) { this.$nextTick(() => { this.$refs[formN ...

  9. mac版sublime 无法下载插件(Vue 代码无高亮问题)

    1.官方下载sublime(http://www.sublimetext.com/3) 然后需要两步(1)上传插件主包Package Control(2)更改channels的配置信息(原来是国外的需 ...

  10. Linux GNU C

    Linux 系统上可用的C编译器是GNU C编译器,它建立在自由软件基金会的编程许可证的基础上,因此可以自由发布.GNU C对标准C 进行一系列扩展,以增强标准C的功能. 1.零长度数组GNU C 允 ...