21

Is there an command line option to auto accept a SSL certificate permanently using the SVN commandline in a way that avoids the prompt?

James McMahon
  • 763
  • 2
  • 8
  • 16

4 Answers4

20

It depends somewhat on your version of SVN. Recent (1.6+) ones have the usual --non-interactive (which you want to use to avoid prompts) and also a --trust-server-cert that may do what you want.

Dan Atkinson
  • 161
  • 2
  • 2
  • 9
pjz
  • 10,497
  • 1
  • 31
  • 40
  • This solution seems to work. Unfortunately the command line certificate accept didn't solve my initial problem. Oh well, at least I know what doesn't work now. – James McMahon Jul 09 '09 at 15:19
  • If this still doesn't work, it may be because you can't access/create the .subversion directory in your home directory. Solution found here: http://chipsandtv.com/articles/svn-invalid-certificates – icc97 Apr 26 '12 at 16:40
  • The chipsandtv.com link is dead. Is there another source? – Joe McMahon Jan 17 '13 at 01:01
  • http://web.archive.org/web/20120512113710/http://chipsandtv.com/articles/svn-invalid-certificates – sergtk Aug 25 '13 at 21:13
  • I ended up having to use both options, now it works, thanks! – rogerdpack Apr 29 '15 at 20:38
10

Using --trust-server-cert will not permanently accept the SSL certificate. You can permanently accept the SSL certificate via the command line using Input Redirection and not using --non-interactive.

Here's an example for Unix/Linux:

svn list [TARGET] << EOF
p
EOF

NOTE: The "p" above is for (p)ermanently.

slm
  • 7,355
  • 16
  • 54
  • 72
Jesse
  • 316
  • 1
  • 4
  • 12
  • Well, my version (`1.6.6 (r40053)`) unfortunately simply won't offer the `p` (permanently) option at all. And since this is on an ancient box which I can't update any longer ... – 0xC0000022L Mar 08 '17 at 14:45
3

My solution uses expect. It isn't secure but it will work when the other solutions won't.

#!/usr/bin/expect -f

set svn_username [lindex $argv 0]
set svn_password [lindex $argv 1]
set svn_url [lindex $argv 2]

spawn svn --username=${svn_username} --password=${svn_password} list ${svn_url}
expect "(R)eject, accept (t)emporarily or accept (p)ermanently? "
send -- "p\r"
expect "Store password unencrypted (yes/no)? "
send "no\r"
expect -re "root@.*:\/#"
2

You should be able to download the certificate and then place it in the appropriate directory. Or you can download the CA certificate and then set the configuration option ssl-authority-files to trust that CA.

See the SSL Certificate Management section in the book.

Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • I'm in a very strange situation here, see http://serverfault.com/questions/7648/setting-up-redmine-with-the-bitnami-stack-installer-on-windows-server-2003/37938#37938, so I want to be able to pull it off in one command. – James McMahon Jul 08 '09 at 21:07