SVN Ignore certificate issued for a different hostname on CentOs
I solved it modifying the hosts file to match the certificate name and the server name. Something I have tried before but nsswitch.conf was configured to check dns fitst.
Related videos on Youtube
danijepg
Updated on September 18, 2022Comments
-
danijepg over 1 year
I'm trying to use phabricator (https://github.com/phacility/phabricator) to connect to an external svn repository. It appers to be some kind of problem with the certificate of the svn server, for example Firefox says ("Could not verify this certificate because the issuer is unknown"). I suspect that the problem is the machine name and the certificate does not match. But I can do nothing on the server side.
Problem appears with a command phabricator is launching (wich also fails from the cmd line of course) which is:
svn --non-interactive -no-auth-cache --trust-server-cert -username 'xxx' --password 'YYY' cat 'https://some_file_in_svn'
Output is:
Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted (https://blabvlabla.com)
I have no way to change this line, because phabricator is generating it, and I have already try almost anything (maybe in the wrong way):
Surprisingly removing the options from the cmd (--non-interactive -no-auth-cache --trust-server-cert) make it works (I have to accept the certificate), but has no effect if I laucnh it again with them.
- Removing the non-interactive and accepting the certificate from the svn command-line -> Does not work
- Downloading and importing the certificate -> Does not work
- Adding the certificate to the ssl authority list in .subversion -> Does not work
It appears to be something similar here, but nothing works! (https://secure.phabricator.com/T7471). Any way to tell subversion just don't worry, bypass the certificate problems?
-
clearlight about 6 yearsHow do you change the hosts file to match the 'certificate name'?
-
danijepg about 6 yearsJust add a line so the name of the certificate resolves to the svn server ip. Then access the svn server using the name
-
Ravindra Bawane about 3 yearsAdd them where?
-
ThaSami about 3 yearsto your svn commands, as example... svn --trust-server-cert-failures="other,unknown-ca,cn-mistmatch,expired" --non-interactive -no-auth-cache -username 'xxx' --password 'YYY' cat 'some_file_in_svn'
-
4x10m about 3 yearsThanks it works but there is an error in the mismatch. --trust-server-cert-failures="unknown-ca,cn-mismatch,expired,not-yet-valid,other"