Workaround for Subversion (SVN) certificate verification error: insecure algorithm on Ubuntu 10.04 Lucid Lynx

If you try to check out your code from a hosted subversion repository, under your shiny new Ubuntu 10.04, you may be disappointed to have it fail with the error:

svn: OPTIONS of 'https://server.com/repo': Certificate verification error: signed using insecure algorithm (https://server.com/repo)

Despite multiple threads on various linux and subversion forums which didn't really help (it's not subversion's fault, it's from gnu-utils, and yes, it would be great if everyone could get all their hosting providers to upgrade their certificates, and you could patch and recompile relevant utils), I finally found a work around here in Slovak. With a bit of help from Google translate, here is the work around:

Add to the end of your ~/.subversion/servers file:
ssl-trust-default-ca = no

It means you'll have to verify every certificate manually, but at least you'll be able to check out your code until you can get your hosting provider to update their certificates! Happy days!


Actions

Information

10 responses to “Workaround for Subversion (SVN) certificate verification error: insecure algorithm on Ubuntu 10.04 Lucid Lynx”

12 06 2010
Michael (09:09:36) :

Thank you for this! I am surprised how difficult it was to find a solution to this issue that I could do on my local machine.

24 08 2010
Harpreet (04:01:06) :

Thanks for such a gr8 solution.

26 08 2010
Walt (03:49:48) :

Doesn't work for me. I don't get prompted and I still get a failed connection.

14 09 2010
Counterpoint (19:14:27) :

Works fine for me, doesn't even prompt me for anything. Wonderful! Although I also manage the server, which has a valid commercial certificate, and I'm not too clear what needs to be changed to avoid the situation arising in the first place.

24 03 2011
Cindy (00:39:50) :

Thanks! Saved me from hassling with a client. I appreciate it!

9 06 2011
Michał (21:35:00) :

Thanks, work for me on Ubuntu 11.4.

25 08 2011
Kaanon (05:16:58) :

Works perfectly, thanks!

16 01 2012
Harald Thingelstad (00:28:18) :

Thanks, it worked! Debian testing, fresh update as of today. Running Gnome 3 atm. (Not running in Gnome also have a problem with gnome-keyring being reqired for a lot of apps and at the same time needing oodles of Gnome services to run properly.)

However, I think Subversion can handle this problem better, even if the main problem belongs to gnu-utils. There are a lot of non-certified certificates around, especially for minor projects and web browsers have been handling this for a long time.
Give a warning that the certificate is not verified and ask if you really want to go in. Give the user an option to go on and download anyway. For scripts, svn has the «--non-interactive»option to not ask questions and «--trust-server-cert» eventually to say «yes» automatically.
I think this is the rather obvious way to go, so perhaps it is underway?

18 05 2012
Chris Radebaugh (18:47:53) :

Thank you! Your solution WORKED! Others were detailed and difficult. Yours? Simple and easy. Thanks!

23 06 2012
svn: Certificate verification error: signed using insecure algorithm › dunkelwesen.de (04:16:07) :

[...] bestätigen, dass ihr dem Zertifikat traut, aber dafür funzt dann wenigsten wieder alles ;-)(via)/**/Auch interessant: HowTo: KVIrc Installation unter (K)Ubuntu 10.04 selbst kompiliert Ubuntu [...]