If you try to check out your code from a hosted subversion repository, under your shiny new Ubuntu 10.04, you may be disappointed to have it fail with the error:
svn: OPTIONS of 'https://server.com/repo': Certificate verification error: signed using insecure algorithm (https://server.com/repo)
Despite multiple threads on various linux and subversion forums which didn’t really help (it’s not subversion’s fault, it’s from gnu-utils, and yes, it would be great if everyone could get all their hosting providers to upgrade their certificates, and you could patch and recompile relevant utils), I finally found a work around here in Slovak. With a bit of help from Google translate, here is the work around:
Add to the end of your ~/.subversion/servers file:
ssl-trust-default-ca = no
It means you’ll have to verify every certificate manually, but at least you’ll be able to check out your code until you can get your hosting provider to update their certificates! Happy days!
Michael
Thank you for this! I am surprised how difficult it was to find a solution to this issue that I could do on my local machine.
Harpreet
Thanks for such a gr8 solution.
Walt
Doesn’t work for me. I don’t get prompted and I still get a failed connection.
Counterpoint
Works fine for me, doesn’t even prompt me for anything. Wonderful! Although I also manage the server, which has a valid commercial certificate, and I’m not too clear what needs to be changed to avoid the situation arising in the first place.
Cindy
Thanks! Saved me from hassling with a client. I appreciate it!
Michał
Thanks, work for me on Ubuntu 11.4.
Kaanon
Works perfectly, thanks!
Harald Thingelstad
Thanks, it worked! Debian testing, fresh update as of today. Running Gnome 3 atm. (Not running in Gnome also have a problem with gnome-keyring being reqired for a lot of apps and at the same time needing oodles of Gnome services to run properly.)
However, I think Subversion can handle this problem better, even if the main problem belongs to gnu-utils. There are a lot of non-certified certificates around, especially for minor projects and web browsers have been handling this for a long time.
Give a warning that the certificate is not verified and ask if you really want to go in. Give the user an option to go on and download anyway. For scripts, svn has the «–non-interactive»option to not ask questions and «–trust-server-cert» eventually to say «yes» automatically.
I think this is the rather obvious way to go, so perhaps it is underway?
Chris Radebaugh
Thank you! Your solution WORKED! Others were detailed and difficult. Yours? Simple and easy. Thanks!