I noticed that the svn cli fails to validate https certificates and always ask for manual validation using the certificate fingerprint:
mbp:~ user$ svn co https://svn.mysite.com/svn/testrepo
Error validating server certificate for 'https://svn.mysite.com:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: svn.mysite.com
- Valid: from Fri, 21 Jun 2013 00:00:00 GMT until Mon, 20 Jun 2016 23:59:59 GMT
- Issuer: ANISSUER, DE
- Fingerprint: 37:7d:6a:a7:e9:4c:30:57:fe:45:32:ab:bb:71:6c:79:08:4d:72:0d
All the following clients were able to validate the certificate of my own svn server as well as that of an sf.net server:
- svn cli on Linux
- TortoiseSVN on Windows
- Safari/Firefox/Chrome on OSX
The two svn cli versions which I tried on OSX (Mountain Lion) and failed to validate the certificates are:
/usr/bin/svn: 1.6.18 (r1303927) – Mountain Lion/Xcode/opt/homebrew/bin/svn: 1.7.9 (r1462340) – Compiled using homebrew
Is there any way around this problem?
Best Answer
A friend (who was too lazy to write the answer here) hinted me that the root certificates in Mac OSX are stored in the keychain and suggested two different ways around the problem.
In order to make openssl library (used by svn) to locate them, you need to manually export them and store them in
/System/Library/OpenSSL/cert.pm. The process is described step-by-step in the following blog post: http://jw35.blogspot.gr/2011/02/root-certificates-for-macos-openssl.htmlIf you are using homebrew, an alternative solution is to install
curl-ca-bundlepackage and point openssl to the location of the certificates with the use of an environment variable.