5

For about 6 hours I'm now trying to checkout a working copy from my teams server. This is my command svn co https://myserver.com/svn/myproject workingcopy But I get the following error message: svn: OPTIONS of 'https://myserver.com/svn/myproject': SSL handshake failed: SSL error: certificate verify failed (https://myserver.com/svn/)

On every machine I'm trying to checkout this workingcopy it works like a charm, just on my Mac I'm getting this certain error.

MechMK1
  • 3,278
  • 7
  • 37
  • 55

2 Answers2

7

I know this is an old post, but I landed here from google.

This solved my problem. Handshake failure with "SSL error code -1/1/336032856" on OS X 10.7

(turns out my ServerName in Apache didn't match my server name in the cert - full details available in the SVN FAQ: http://subversion.apache.org/faq#ssl-error-336032856)

The short of it: "Make sure your server configuration uses correct values for ServerName and NameVirtualHost." (and make sure they match the CN in the cert).

Community
  • 1
  • 1
rwg1138
  • 136
  • 1
  • 3
  • It would be nice if you could sum up what's behind that link. Link only answers are not that welcome here. – fancyPants Dec 12 '12 at 11:30
  • Apologies. I wanted to ensure the responder in the original thread was credited with providing the solution. My intent was to merely call attention to it. – rwg1138 Dec 18 '12 at 15:51
4

SSL error: certificate verify failed is indication of client-side error. Try to check certificate chains on good and bad location, find missing intermediate certificate (I expect this result) and move it to appropriate place

Fix: I overlooked Mac as source, had Win in mind. Server certs usually live in ~/.subversion/auth/s​vn.ssl.server/ , you can copy needed file from good client

Adds: if you aren't security-concerned, you can simply use svn checkout --non-interactive --trust-server-cert https://....

Lazy Badger
  • 94,711
  • 9
  • 78
  • 110
  • It's a shame to ask, but how do I do that? I've never worked with certificates before, so please excuse – MechMK1 Nov 06 '11 at 14:10
  • Open https://myserver.com/svn/myproject in Browser, view at cert, properties, chain. – Lazy Badger Nov 06 '11 at 15:49
  • I've copied the files from ~/.subversion/auth/svn.ssl.server/ from the working one to my one, but nothing changed. I expect an error with OpenSSL – MechMK1 Nov 06 '11 at 16:13
  • also, when I run the command with --non-interactive --trust-server-cert, nothing changes. The same error message remains – MechMK1 Nov 06 '11 at 16:19
  • Can I see your repo? Or another dummy repo on this host? – Lazy Badger Nov 06 '11 at 17:27
  • If there is a way to give you the info non-public as it contains source code which must not be public-viewable – MechMK1 Nov 06 '11 at 20:53
  • I think, now https repo have `require valid-user` + `satisfy any`? With **only* `require valid-user` even read operation for repo must me auth'ed. You can create separate user for me and kill it later. Or give me access to any other repo with any heap inside on same host - it will use same cert and have to produce (or not) the same problem – Lazy Badger Nov 07 '11 at 06:59
  • No need for this now, I solved it. Appearently MacOS 10.7 has a bug in it's OpenSSL library. Merging some libraries from 10.6 solved it for me – MechMK1 Nov 07 '11 at 22:20
  • Getting this from a mac as well and would confirm that --non-interactive --trust-server-cert had no effect. I'm going across a VPN and accessing a server that is usually reached through a windows domain at work. Think my issue lies mostly there with the authentication. – ficuscr May 31 '12 at 16:43