Page MenuHomePhabricator
Create Task
Maniphest T7471

Unable to connect to SVN repo with invalid SSL cert
Closed, WontfixPublic
Actions

Description

Unhandled Exception ("CommandException")
Command failed with error #1!
COMMAND
svn --non-interactive --no-auth-cache --trust-server-cert --username 'xxxxx' --password 'xxxxx' cat 'https://192.168.160.4:8443/svn/QA/%E5%B7%A5%E4%BD%9C%E6%96%87%E6%A1%A3/X%20%E9%A1%B9%E7%9B%AE%E6%96%87%E6%A1%A3/%E5%8D%8E%E6%B8%94%E9%A1%B9%E7%9B%AE/S%20%E4%B8%8A%E6%B8%B8%E9%A1%B9%E7%9B%AE/%E4%B8%AD%E8%81%8C%E9%A1%B9%E7%9B%AE/%E4%B8%AD%E8%81%8C_%E8%87%AA%E5%8A%A8%E5%8C%96%E6%B5%8B%E8%AF%95/UI%E8%87%AA%E5%8A%A8%E5%8C%96/%E8%84%9A%E6%9C%AC/zz_ui_test/qg.pyc@34309'

STDOUT
(empty)

STDERR
svn: E230001: Unable to connect to a repository at URL 'https://192.168.160.4:8443/svn/QA/%E5%B7%A5%E4%BD%9C%E6%96%87%E6%A1%A3/X%20%E9%A1%B9%E7%9B%AE%E6%96%87%E6%A1%A3/%E5%8D%8E%E6%B8%94%E9%A1%B9%E7%9B%AE/S%20%E4%B8%8A%E6%B8%B8%E9%A1%B9%E7%9B%AE/%E4%B8%AD%E8%81%8C%E9%A1%B9%E7%9B%AE/%E4%B8%AD%E8%81%8C_%E8%87%AA%E5%8A%A8%E5%8C%96%E6%B5%8B%E8%AF%95/UI%E8%87%AA%E5%8A%A8%E5%8C%96/%E8%84%9A%E6%9C%AC/zz_ui_test/qg.pyc'
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted

Related Objects

Event Timeline

zzh created this task.Mar 6 2015, 3:03 AM
zzh assigned this task to chad.
zzh raised the priority of this task from to Needs Triage.
zzh updated the task description. (Show Details)
zzh added a subscriber: zzh.
chad removed chad as the assignee of this task.Mar 6 2015, 3:21 AM
chad added projects: Diffusion, Subversion.Mar 6 2015, 3:54 AM
Mnkras added a subscriber: Mnkras.Mar 6 2015, 3:05 PM

Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
Im pretty sure that is the issue, either connect over an unsecured connection, generate a valid certificate for the hostname, or have your phabricator host ignore invalid ssl certs

zzh added a comment.Mar 6 2015, 3:21 PM

how to set phabricator host ignore invalid ssl certs?

Mnkras added a comment.Mar 6 2015, 3:27 PM

Take a look under the bold heading "Method": http://www.microhowto.info/howto/configure_subversion_to_trust_a_given_ssl_certificate.html

Mnkras renamed this task from Diffusion > Repository, SVN file cat has a problem to Unable to connect to SVN repo with invalid SSL cert.Mar 6 2015, 3:30 PM
zzh added a comment.Mar 7 2015, 9:56 AM

I have add the ssl certs like "https://192.168.205.170/rZZH34382", but also have the same problem:

pasted_file (481×878 px, 66 KB)

zzh added a comment.Mar 7 2015, 10:00 AM

And the Subversion server is install over other machine, I'm not the administrator

nj2408zjw added a subscriber: nj2408zjw.May 5 2015, 9:05 AM
In T7471#100638, @zzh wrote:

And the Subversion server is install over other machine, I'm not the administrator

Hi, meet the same error and situation as yours. Have you found any solution?

nj2408zjw mentioned this in T8086: Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted.May 6 2015, 7:02 AM
chad merged a task: T8086: Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted.May 6 2015, 1:49 PM
agen added a subscriber: agen.Jun 1 2015, 7:32 AM

I installed phabricator using the shell script ( http://www.phabricator.com/rsrc/install/install_rhel-derivs.sh ) and meet the same error. When I run the svn command like

svn --non-interactive --no-auth-cache --trust-server-cert --username 'xxxxx' --password 'xxxxx' cat 'https://ip/svn/pro/common/rules/service/RulesService.java@5373'

The command returned the right content.

How should I fix the problem?

harpyham added a subscriber: harpyham.Jun 4 2015, 6:05 AM

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

agen added a comment.Jun 6 2015, 7:12 AM
In T7471#118340, @harpyham wrote:

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

Thanks a lot, I fixed the problem as what you had said,

nj2408zjw added a comment.Jun 9 2015, 6:17 AM
In T7471#118340, @harpyham wrote:

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

Hi, how can I check what's the "webuser" of mine?

aelam added a subscriber: aelam.Jun 10 2015, 4:48 AM

I've tried many methods, but only this work.
Set your host (displays in your certificate) in /etc/host such as

192.168.1.100 certicaficate_hostname
harpyham added a comment.Jun 11 2015, 4:06 AM
In T7471#119519, @nj2408zjw wrote:
In T7471#118340, @harpyham wrote:

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

Hi, how can I check what's the "webuser" of mine?

You can find it in webserver's configfile.

Aapche2:

#/> /usr/sbin/httpd2   -t -D DUMP_RUN_CFG 2> /dev/null  | grep User
User: name="wwwrun" id=30 not_used

nginx:

#/> grep -E "^user" /etc/nginx/nginx.conf
user  www-user;

lighttpd:

#/> grep -E ^server.username  /etc/lighttpd/lighttpd.conf
server.username  = "lighttpd"

Or try ps aux | grep <YOUR WEBSERVER PROCESS NAME> .
The user name will be shown at the 1rst column.

Webserver process name list:

  • Apache2 : httpd2
  • thttpd : thttpd
  • nginx : nginx

On my box:

#> ps aux | grep httpd
wwwrun    1195  0.0  0.2 280516 48176 ?        S    03:37   0:07 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start
wwwrun    1991  0.0  0.0 244952 11800 ?        S    18:55   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start
wwwrun    2080  0.0  0.2 277028 43664 ?        S    18:55   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start
root      3174  0.0  0.1 243660 20900 ?        Ss   May29   0:36 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start

PS:
If you have root privilege, aelam's method worths a shot 。 :)

 awoz added a subscriber:  awoz.Aug 1 2015, 7:15 PM
epriestley closed this task as Wontfix.Jan 11 2016, 11:44 AM
epriestley claimed this task.
epriestley added a subscriber: epriestley.
Get a valid certificate or configure your system to trust your self-signed certificate. This is not a problem with Phabricator and I do not plan to support insecure SSL configurations in the upstream.
danijepg added a subscriber: danijepg.Apr 27 2017, 5:07 PM
Any idea of how to do this on CentOs?



"configure your system to trust your self-signed certificate"



Phabricator · Built by Phacility