Software dev, tech, mind hacks and the occasional personal bit

Workaround for Subversion (SVN) certificate verification error: insecure algorithm on Ubuntu 10.04 Lucid Lynx

If you try to check out your code from a hosted subversion repository, under your shiny new Ubuntu 10.04, you may be disappointed to have it fail with the error:

svn: OPTIONS of 'https://server.com/repo': Certificate verification error: signed using insecure algorithm (https://server.com/repo)

Despite multiple threads on various linux and subversion forums which didn’t really help (it’s not subversion’s fault, it’s from gnu-utils, and yes, it would be great if everyone could get all their hosting providers to upgrade their certificates, and you could patch and recompile relevant utils), I finally found a work around here in Slovak. With a bit of help from Google translate, here is the work around:

Add to the end of your ~/.subversion/servers file:
ssl-trust-default-ca = no

It means you’ll have to verify every certificate manually, but at least you’ll be able to check out your code until you can get your hosting provider to update their certificates! Happy days!

Previous

ACS Alm Talk: Presentation Wrap Up & Slides

Next

Azure Build and Deploy using Powershell

9 Comments

  1. Thank you for this! I am surprised how difficult it was to find a solution to this issue that I could do on my local machine.

  2. Harpreet

    Thanks for such a gr8 solution.

  3. Walt

    Doesn’t work for me. I don’t get prompted and I still get a failed connection.

  4. Works fine for me, doesn’t even prompt me for anything. Wonderful! Although I also manage the server, which has a valid commercial certificate, and I’m not too clear what needs to be changed to avoid the situation arising in the first place.

  5. Cindy

    Thanks! Saved me from hassling with a client. I appreciate it!

  6. Michał

    Thanks, work for me on Ubuntu 11.4.

  7. Kaanon

    Works perfectly, thanks!

  8. Harald Thingelstad

    Thanks, it worked! Debian testing, fresh update as of today. Running Gnome 3 atm. (Not running in Gnome also have a problem with gnome-keyring being reqired for a lot of apps and at the same time needing oodles of Gnome services to run properly.)

    However, I think Subversion can handle this problem better, even if the main problem belongs to gnu-utils. There are a lot of non-certified certificates around, especially for minor projects and web browsers have been handling this for a long time.
    Give a warning that the certificate is not verified and ask if you really want to go in. Give the user an option to go on and download anyway. For scripts, svn has the «–non-interactive»option to not ask questions and «–trust-server-cert» eventually to say «yes» automatically.
    I think this is the rather obvious way to go, so perhaps it is underway?

  9. Thank you! Your solution WORKED! Others were detailed and difficult. Yours? Simple and easy. Thanks!

Powered by WordPress & Theme by Anders Norén