`

Server certificate verification failed: certificate issued for a different hostn

    博客分类:
  • XP
 
阅读更多

> PROPFIND request failed on '/svn/Superscout'
> PROPFIND of '/svn/Superscout': Server certificate verification 
> failed: certificate issued for a different hostname, issuer is not 
> trusted (https://XX.XX.XX.XX)



First, here's how to fix the situation:

1. Open Terminal (in Utilities, in Applications)
2. Type some svn command against your repository, say "svn ls https://82.100.10.11​0/svn/Superscout 
"
3. You'll get a text prompt about the server's certificate, asking you 
what to do
4. Type "p" (and return), meaning "permanently accept this certificate 
anyway"

That answer will be saved away in a place that both the command line 
"svn" and also SCPlugin will reuse.

Now, the explanation, in case you're curious:

You're accessing Subversion through the HTTP protocol, the same one 
used by web browsers. This is probably the most common way to use SVN. 
HTTP servers can, and often do, use an encrypted connection, called 
"https". Subversion can do that, too, and that's what's going on here.

The encryption includes a "server certificate," a digital signature 
that proves that the server you're talking to really is the one you 
think it is. This is included because it is possible to arrange so 
that connections you think are going to one computer actually go to 
another. There's an attack called the "man in the middle," where some 
bad person sets things up this way, then forwards messages back and 
forth between you and the true server. Your web browser (or 
Subversion) sends and receives exactly the packets it expects to, but 
the "man in the middle" is reading everything. Unfortunately, there is 
no way to detect or prevent this from the stream of messages alone.

The server certificate protects you against this, because the server 
certificates are digitally signed by someone else. The idea is that 
there should be a few signatories that you trust to do this, and you 
can confirm that one of these signed a given server's certificate, and 
hence you trust that it's the one you want. This is the same as 
checking a person's driver's license: you trust the state to attest 
who the person is; you've seen driver's licenses before and can spot a 
phony (at least, if it's not too good a phony), and so having seen the 
license, you can trust that the person is who they claim to be.

This process isn't working for you. The messages actually say there 
are two problems:

- certificate issued for a different hostname
- issuer is not trusted

In the first problem: if I claim to be "Jack Repenning," and attempt 
to prove that by showing you a license for "Fred Smithers," you'd be 
more than a little suspicious, right? Same thing here. However, this 
is probably because you told Subversion to contact "https://82.100.10.110 
" -- that is, the server's "name" is 82.100.10.110. That's the host 
*address*, but typically the server's actual certificate is for their 
host *name*. If you try again, using "https:// 
server.superscout.co.uk" (or whatever the name actually is), this part 
will probably go away. But maybe not: when I try to look up that 
address in the global DNS name base, I don't get a reply. Probably 
that address is internal to your company network, and so conceivably 
you may not have DNS properly set up for it. Maybe that's why you used 
an address rather than a name. At any rate, the procedure above will 
reassure Subversion that this combination really is OK.

In the second problem: metaphorically, Subversion is saying "this 
looks like a driver's license, but it's from some country I've never 
heard of, how do I know whether it's a valid license from there?" 
Actually, there's a good chance that this certificate is signed by one 
of the standard authorities: there's a bug in OS X about the 
installation of this information, as a result of which Subversion (and 
SCPlugin) requires some extra configuration work in order to find the 
list of trusted authorities. If you're going to be connecting to a 
great many different servers, it might be worth your while to fix 
this. That can be done, but until Apple fixes the bug it also means 
you have to manually update it from time to time (about once a year), 
which would be tiresome.

The procedure above works once for all time, for this one address. If 
you only have to do it a few times, you're better off just doing it 
than fixing the authority list. But if you want to fix up the list, 
you can find the directions in the users@ list on scplugin. Or, just 
ask there again, and someone will restate them, or point you to them.




-==-
Jack Repenning
jackrepenning at tigris dot org
Project Owner
SCPlugin
http://scplugin.tigris.org
"Subversion for the rest of OS X"

分享到:
评论

相关推荐

    omniauth: Server certificate verification

    标题“omniauth: Server certificate verification”涉及到的是在使用OmniAuth进行身份验证时,服务器证书验证的相关问题。OmniAuth是一个灵活的身份验证框架,广泛应用于Ruby on Rails应用中,用于集成多种第三方...

    jenkins发版报错Host key verification failed

    jenkins发版报错Host key verification failed. jenkins发版报错Host key verification failed. jenkins发版报错Host key verification failed. jenkins发版报错Host key verification failed. jenkins发版报错Host ...

    Certificate Verification Failed(解决方案).md

    Certificate Verification Failed(解决方案).md

    Certificate verification failed(解决方案).md

    Certificate verification failed(解决方案).md

    U盘启动工具——Ventoy

    Ventoy是一款强大的U盘启动工具,它极大地简化了制作多系统启动U盘的过程。这款工具的最大特点是无需对每个操作系统(OS)镜像进行单独的格式化和制作启动盘操作,只需将ISO文件复制到U盘内,Ventoy就能自动识别并...

    coursera machine learning利用 octave提交作业

    在本资源中,我们主要关注的是如何在Coursera上的吴恩达机器学习课程中,使用Octave 4.0.0版本成功提交作业。吴恩达的这门课程是机器学习领域的经典入门课程,涵盖了广泛的理论知识和实践技能。...

    Jenkins Host key verification failed问题解决

    Jenkins Host key verification failed问题解决 Jenkins 是一个流行的自动化构建工具,但是在使用过程中经常会遇到一些问题,其中一个常见的问题就是 Host key verification failed。这个问题的出现会导致 Jenkins ...

    BernardoLi266#Blog#102_Git提示Host-key-verification-failed1

    title: Git提示Host key verification failed- 报错- 报错问题描述Git提示Host key verification f

    libssl1.1_1.1.1-1ubuntu2.1_18.04.6_amd64.deb

    apt update报错Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.时可能用到

    ca-certificates_20190110_18.04.1_all.deb

    apt update报错Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.时可能会用到

    openssl_1.1.1-1ubuntu2.1_18.04.6_amd64.deb

    apt update报错Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.可能用到

    Certificate Verification System:CVS 旨在帮助雇主确保学位是否伪造。-开源

    证书验证系统旨在帮助阿富汗和卢旺达的雇主在招聘员工时无法检查文件的真实性,以确保给定的证书或学位是由真正知名的大学或学院颁发的。 该在线系统将仅使用一次性密码以更好地保护应用程序。

    ESL DESIGN AND VERIFICATION

    ESL DESIGN AND VERIFICATION: A PRESCRIPTION FOR ELECTRONIC SYSTEM-LEVEL METHODOLOGY 1 What Is ESL? 1 2 Taxonomy and Definitions for the Electronic System Level 11 3 Evolution of ESL Development 35 4 ...

    Echosounder labview源文件_sounder怎么连蓝牙

    《Echosounder LabVIEW源文件与蓝牙连接指南》 LabVIEW,全称为Laboratory Virtual Instrument Engineering Workbench,是一款由美国国家仪器(NI)公司开发的图形化编程环境,广泛应用于科学实验、工程计算以及...

    dsp6000烧写FLASH

    在嵌入式系统开发中,DSP(Digital Signal Processor,数字信号处理器)是核心组件之一,尤其在通信、图像处理等领域广泛应用。本教程聚焦于DSP6000系列处理器的固件烧录,解决将HEX文件成功烧写到FLASH中的问题。...

    Introduction to Design Verification with VMM: A Quickstart Guide

    Introduction to Design Verification with VMM: A Quickstart Guide Introduction to Design Verification with VMM: A Quickstart Guide

    SystemVerilog for Verification

    ### SystemVerilog for Verification #### 一、概述 《SystemVerilog for Verification》是一本详细介绍如何使用SystemVerilog进行验证的书籍。此书为第二版,由Chris Spear编写,主要聚焦于SystemVerilog语言在...

    FAILED: SemanticException org.apache.hadoop.hive.ql.metadata.HiveException: java.lang.RuntimeExcepti

    FAILED: SemanticException org.apache.hadoop.hive.ql.metadata.HiveException: java.lang.RuntimeException: Unable to instantiate org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient 解决方法 ...

Global site tag (gtag.js) - Google Analytics