bypass ssl certificate validation in subversion
I\'m managing a subversion-based build system and we use a self-signed ssl for the server. So from time to time, we get build failures because a new machine has been added a
-
I guess you have two options; throwing all caution overboard and setting trust-server-cert and non interactive from the command line:
svn help co .... snip.... --non-interactive : do no interactive prompting --trust-server-cert : accept unknown SSL server certificates without prompting (but only with '--non-interactive')and the other option is to use something like openssl s_client with -showcerts to check and validate if the cert has changed prior to the svn call -and then either abort very cleanly and let a human make the judgment call, or something dirty - like using the -showcert to update the known cert in ~/.subversion.
In either case - the bit of nonintuitive magic is on the files in ~/.subversion/auth/svn.ssl.server/
cat| grep ^MII | base64decode | openssl x509 -text -inform DER or something like
cat| grep ^MII | base64decode | openssl x509 -text -inform DER -noout - out current-cert.pem and can then use openssl s_client with -CApath or verify with that cert to see if it has changed and/or use -showcert to cross check. (Note: substitute perl -e 'use MIME::Base64;print decode_base64(join("",));' for base64decode if needed).
加载中...
- 热议问题