发表新帖
发表新帖

Xcode 4 SVN hanging at “Checking out” if client certificate required

后端 未结
关注
3 1750
走了就别回头了
走了就别回头了 2020-12-20 23:02

I am trying to get Xcode 4 working with my svn repository. I type in the svn address, which it says is reachable, but when I try to check out, it comes up with \"The server

相关标签:
3条回答
  • 北荒
    2020-12-20 23:19

    It's a known issue.

    Open terminal, type

    svn ls <your repository address>

    confirm certificates, check login/pass. After that repo will work fine in xcode.

    0 讨论(0)
  • 旧巷少年郎
    2020-12-20 23:23

    To answer the original question:

    The server “foo.example.com” requires a client certificate.

    Translation: Xcode can't find the SSL client certificate in your keychain, the certificate is not valid, or if there's multiple certificates, Xcode doesn't know which one to use.

    To install a certificate in your keychain: In Finder, open the file that contains your client certificate (typically a .p12 file). Click Add, then enter the password to decrypt the .p12 file. If you have the corresponding root certificate (typically a .pem file), import it as well and click "Always Trust" when prompted.

    To make sure the certificate is valid: In Keychain Access, select the client certificate and look for a green checkmark and the words "This certificate is valid".

    • If you see "This certificate was signed by an unknown authority", install a corresponding root certificate.
    • If you see "This certificate was signed by an untrusted issuer", look for where it says "Issued by", find the corresponding root certificate by that name, and mark the root certificate as trusted (at least for X.509 Basic Policy).
    • If you see "This certificate has expired", delete it and get a new one.

    To associate the URL with a specific certificate: You need an identity preference. Xcode can't do this, but both Keychain Access and Safari can. In Keychain Access, select the client certificate and choose File menu > New Identity Preference…. Enter the repository URL (e.g. https://foo.example.com/path/to/repository) and click Add.

    Alternatively: In Safari, go to your repository URL. If there are multiple certificates installed, Safari will prompt "The website “foo.example.com” requires a client certificate" and show a list of certificates. Choose the one you installed in step (1).

    To get everything working, you also need to get past these two common errors:

    Client certificate filename: Authentication realm: https://foo.example.com:443

    Translation: Subversion can't find your SSL client certificate on disk.

    Xcode uses Keychain, and Subversion itself (as of v1.4) uses Keychain as well for passwords. For certificates, however, Subversion must be pointed to files on disk.

    1) Open ~/.subversion/servers in your favorite text editor. At the bottom, add the line

    ssl-client-cert-file = /path/to/first.last.p12

    where the value is the path to your client certificate in PKCS#12 format.

    svn: OPTIONS of 'https://foo.example.com/path/to/repository': SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure

    Translation: Subversion can't find the password to decrypt your SSL client certificate.

    See explanation above.

    To save your .p12 password in Keychain: In Terminal, type

    svn ls https://foo.example.com/path/to/repository
    • When prompted, enter the password for the .p12 file. This will be stored in your keychain as an application password.
    • When prompted, enter the administrator password for your Mac.
    • When prompted, enter your server credentials. This will also be stored in your keychain as an application password.

    At this point, you should see the contents of your repository displayed in Terminal.

    Note: If you use Versions by Black Pixel, at least v1.2.2 seems to have trouble using Keychain for passwords, so in ~/.subversion/servers you'll also need to add the line

    ssl-client-cert-password = yourpassword

    where your password is in cleartext. (This is obviously not secure, so don't do it unless you have to.)

    0 讨论(0)
  • 滥情空心
    2020-12-20 23:31

    You can put your certificate file name to SVN configuration file

     ~/.subversion/servers

    In section [global] just add a line (use a full path - not relative)

    ssl-client-cert-file = /path/to/your/certificate.p12

    Optionally you can add also 

    ssl-client-cert-password = yourpassphrase 
store-passwords = yes
store-ssl-client-cert-pp = yes**
    0 讨论(0)
 看不清?
提交回复
热议问题