Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, deshani, and 11 others

#4264 svn import with invalid cert

Milestone: v1.0.0

Status: closed

Owner: nobody

Labels: feature-parity (20) 42cc (432)

Component: SCM

Reviewer: Dave Brondsema

Updated: 2015-08-20

Created: 2012-05-22

Creator: Dave Brondsema

Private: No

I'm pretty sure this error is due to the remote repo having an invalid ssl certificate. We should allow invalid certs.

Traceback (most recent call last):
 File "/var/local/allura/Allura/allura/tasks/repo_tasks.py", line 31, in clone
   cloned_from_url)
 File "/var/local/allura/Allura/allura/model/repository.py", line 227, in init_as_clone
   self._impl.clone_from(source_url)
 File "/var/local/allura/ForgeSVN/forgesvn/model/svn.py", line 176, in clone_from
   subprocess.check_call(['svnsync', 'init', self._url, source_url])
 File "/usr/lib64/python2.7/subprocess.py", line 511, in check_call
   raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '['svnsync', 'init', u'file:///svn/p/sagittarius/code', u'https://repo.smilfinken.net/projects/sagittarius']' returned non-zero exit status 1

Related

Tickets: ~~#4264~~

Discussion

Dave Brondsema - 2012-05-25

labels: --> feature-parity

milestone: forge-backlog --> forge-jun-15
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2012-05-31

labels: feature-parity --> feature-parity, 42cc

Description has changed:

Diff:

--- old +++ new @@ -1,4 +1,4 @@ -I'm pretty sure this error is due to the remote repo having an invalid ssl certificate +I'm pretty sure this error is due to the remote repo having an invalid ssl certificate. We should allow invalid certs. ~~~~ Traceback (most recent call last):
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Yaroslav Luzin - 2012-06-05

created #73: [#4264] svn import with invalid cert (2cp)

Related

Tickets: ~~#4264~~

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Yaroslav Luzin - 2012-06-13

closed #73 and pushed changes to 42cc_4264

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2012-06-14

status: open --> code-review

assigned_to: Dave Brondsema
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2012-06-14

status: code-review --> in-progress
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2012-06-14

It doesn't seem like --trust-server-cert is enough. I used https://nucnet-tools.svn.sf.net/svnroot/nucnet-tools/ as a test (using sf.net instead of sourceforge.net like it should be). I ran it manually to see the error:

$ svnsync --non-interactive --trust-server-cert init file:///svn/p/testsvn/code https://nucnet-tools.svn.sf.net/svnroot/nucnet-tools/ svnsync: OPTIONS of 'https://nucnet-tools.svn.sf.net/svnroot/nucnet-tools': Server certificate verification failed: certificate issued for a different hostname (https://nucnet-tools.svn.sf.net)

I don't see another parameter for svnsync that would be helpful, can you do further research about other options or workarounds?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Yaroslav Luzin - 2012-06-15

Hm.. OK, will look into it. I've created #88: [#4264] svn import with invalid cert - further research (2cp)

Related

Tickets: ~~#4264~~

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2012-06-16

assigned_to: Dave Brondsema --> nobody

qa: Dave Brondsema
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anonymous - 2012-06-18

Originally by: tramadolmen

I have researched about svnsync. But it seems that we can allow default sertificates by add to file ~/.subversion/servers

[global]
ssl-trust-default-ca = true

or accept unknown SSL server certificates by --trust-server-cert option.

For

svnsync --non-interactive --trust-server-cert init file:///svn/p/testsvn/code https://nucnet-tools.svn.sf.net/svnroot/nucnet-tools/

both variants didn't work. So i can pass in input p symbol to accept permanently certificate. For this we need to use popen function

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Yaroslav Luzin - 2012-06-26

closed #88 and pushed changes into '42cc_4264a'

status: in-progress --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2012-06-26

status: code-review --> closed

milestone: forge-backlog --> forge-jun-29
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.