How do I use a custom Certificate Authority in SharpSvn without installing the certificate

Question

I am trying to access a subversion repository using SharpSvn. The repository is only available via https and the machine uses its own private certificate authority (don't worry about the security here, I trust the authority).

I have the Certificate Authority's public root certificate, however due to user access rights I cannot install the certificate into the certificate store.

If I use subversion directly, I can add:

servers:global:ssl-authority-files=/path/to/cacert.crt
servers:groups:myhost=myhostsdns.com

either as command line objects or to the config file.

How do I set these options in SharpSvn so that I can use the cacert.crt file so that I don't get "certificate verification failed" when I try to access my repository, and I don't have to just ignore the error?

Many thanks

Of course I only solved this once signing up and posting the question. I solved this by calling SvnClient.Configuration.SetOption() function. I will post a full answer and mark it as solved as soon as possible (8 hours wait before I can self answer because I'm new here) — benmichael, Jul 25 '12 at 15:19
Welcome to [so], we've been expecting you. If you had the rights to install would that resolve the problem? I keep on coming across this: http://sharpsvn.open.collab.net/ds/viewMessage.do?dsForumId=728&dsMessageId=243704 — Jeremy Thompson, Jul 26 '12 at 03:13
I came across that during my search as well. The problem listed there is about a self signed certificate, which isn't signed by a Certificate Authority. To get around that you must ignore the failure error or to tell svn to trust the certificate. In my issue I had a certificate signed by a CA but the CA that was untrusted. I had the CA's public key, and was trying to get SharpSvn to use it, as I know can be done with subversion. If I had permissions to install to the certificate store I could have done that and subversion would have worked out of the box. See my answer below for the solution. — benmichael, Jul 28 '12 at 15:20

score 1 · Accepted Answer · answered Jul 28 '12 at 15:20

1

How is it that it's only after you ask the question that you realize the answer?

I solved this by setting the configuration options on the SvnClient object as such:

SvnClient _svnClient = new SvnClient();
_svnClient.Configuration.SetOption("servers", "global", "ssl-authority-files", "/path/to/cacert.crt");
_svnClient.Configuration.SetOption("servers", "groups", "myhost", "myhostsdns.com");

Apologies on the self help, hope it helps the next person.

answered Jul 28 '12 at 15:20

benmichael

11
3

Another option is to accept the certificate by hooking the proper events on the _svnClient.Authorization object. – Bert Huijben Aug 21 '12 at 16:43

score 0 · Answer 2 · answered Jun 20 '13 at 12:12

Expanding on the comment of Bert Huijben (above):

client.Authentication.SslServerTrustHandlers += new EventHandler<SharpSvn.Security.SvnSslServerTrustEventArgs>(Authentication_SslServerTrustHandlers);
void Authentication_SslServerTrustHandlers(object sender, SharpSvn.Security.SvnSslServerTrustEventArgs e)
{
    // Look at the rest of the arguments of E, whether you wish to accept

    // If accept:
    e.AcceptedFailures = e.Failures;
    e.Save = true; // Save acceptance to authentication store
}

How do I use a custom Certificate Authority in SharpSvn without installing the certificate

2 Answers2

Linked