How do you accept an SSL certificate through the SVN command line?

Question

Is there an command line option to auto accept a SSL certificate permanently using the SVN commandline in a way that avoids the prompt?

Would this be a better fit at Stack Overflow? – James McMahon Jul 08 '09 at 20:46 — James McMahon, Jul 08 '09 at 20:46

score 20 · Accepted Answer · edited Jun 05 '19 at 18:02

20

It depends somewhat on your version of SVN. Recent (1.6+) ones have the usual --non-interactive (which you want to use to avoid prompts) and also a --trust-server-cert that may do what you want.

edited Jun 05 '19 at 18:02

Dan Atkinson

161
2
2
9

answered Jul 09 '09 at 14:20

pjz

10,497
1
31
40

This solution seems to work. Unfortunately the command line certificate accept didn't solve my initial problem. Oh well, at least I know what doesn't work now. – James McMahon Jul 09 '09 at 15:19
If this still doesn't work, it may be because you can't access/create the .subversion directory in your home directory. Solution found here: http://chipsandtv.com/articles/svn-invalid-certificates – icc97 Apr 26 '12 at 16:40
The chipsandtv.com link is dead. Is there another source? – Joe McMahon Jan 17 '13 at 01:01
http://web.archive.org/web/20120512113710/http://chipsandtv.com/articles/svn-invalid-certificates – sergtk Aug 25 '13 at 21:13
I ended up having to use both options, now it works, thanks! – rogerdpack Apr 29 '15 at 20:38

score 10 · Answer 2 · edited Apr 23 '13 at 18:34

10

Using --trust-server-cert will not permanently accept the SSL certificate. You can permanently accept the SSL certificate via the command line using Input Redirection and not using --non-interactive.

Here's an example for Unix/Linux:

svn list [TARGET] << EOF
p
EOF

NOTE: The "p" above is for (p)ermanently.

edited Apr 23 '13 at 18:34

slm

7,355
16
54
72

answered Apr 23 '13 at 18:08

Jesse

316
1
4
12

Well, my version (`1.6.6 (r40053)`) unfortunately simply won't offer the `p` (permanently) option at all. And since this is on an ancient box which I can't update any longer ... – 0xC0000022L Mar 08 '17 at 14:45

score 3 · Answer 3 · answered Dec 25 '14 at 14:04

My solution uses expect. It isn't secure but it will work when the other solutions won't.

#!/usr/bin/expect -f

set svn_username [lindex $argv 0]
set svn_password [lindex $argv 1]
set svn_url [lindex $argv 2]

spawn svn --username=${svn_username} --password=${svn_password} list ${svn_url}
expect "(R)eject, accept (t)emporarily or accept (p)ermanently? "
send -- "p\r"
expect "Store password unencrypted (yes/no)? "
send "no\r"
expect -re "root@.*:\/#"

score 2 · Answer 4 · answered Jul 08 '09 at 21:04

2

You should be able to download the certificate and then place it in the appropriate directory. Or you can download the CA certificate and then set the configuration option ssl-authority-files to trust that CA.

See the SSL Certificate Management section in the book.

answered Jul 08 '09 at 21:04

Zoredache

128,755
40
271
413

I'm in a very strange situation here, see http://serverfault.com/questions/7648/setting-up-redmine-with-the-bitnami-stack-installer-on-windows-server-2003/37938#37938, so I want to be able to pull it off in one command. – James McMahon Jul 08 '09 at 21:07

How do you accept an SSL certificate through the SVN command line?

4 Answers4

Linked