bypass ssl certificate validation in subversion

Question

I\'m managing a subversion-based build system and we use a self-signed ssl for the server. So from time to time, we get build failures because a new machine has been added a

Answer 1

There are two possible scenarios: certificate is untrusted, but valid (i.e. a valid self-signed cert for example), or certificate is invalid (such as when you are accessing a machine on your LAN by IP or from outside your LAN by FQDN and that machine has a certificate issued to its symbolic name). svn client will not trust the 2nd type of cert even if using --trust-server-certificate option. In the 2nd scenario your only option I can think of is to use a hosts file entry to alias that machine's IP to its internal name.

Illustration of the scenario 2 that I once faced when VisualSVN was installed with all default option and generated a cert to the machine's symbolic name that it discovered:

LAN machine name MACHINE1 runs SVN server and it has a certificate installed that was issued to MACHINE1. You are trying to access SVN via its IP address and getting invalid certificate error.

You would also get that error if that MACHINE1 is accessible from outside your LAN by FQDN for example svn.domain.com and you are connecting to FQDN.

In both cases svn would throw the invalid certificate error.

You can add an entry to the hosts file to map the machine's IP address (LAN or external depending on where you are accessing it from) to the name certificate was issued to:

123.45.67.89 MACHINE1

and access SVN via https://machine1/svn/ to circumvent this situation.