[ET Trac] [Einstein Toolkit] #1801: Certificate for svn.cct.lsu.edu not trusted
Einstein Toolkit
trac-noreply at einsteintoolkit.org
Tue Aug 18 03:06:38 CDT 2015
#1801: Certificate for svn.cct.lsu.edu not trusted
---------------------+------------------------------------------------------
Reporter: rhaas | Owner:
Type: defect | Status: new
Priority: unset | Milestone:
Component: Other | Version: development version
Resolution: | Keywords:
---------------------+------------------------------------------------------
Comment (by rhaas):
One more data point: I can get the default client to work by setting the
{{{SSL_CERT_FILE}}} environment variable to the certificate bundle from
curl. Unfortunately that file does not exist on a freshly installed mac it
seems. However one can extract the keys out of OSX's key chain using:
{{{
security export -k
/System/Library/Keychains/SystemRootCertificates.keychain -t certs -f
pemseq p
}}}
so we '''could''' (when we detect we are running on OSX and that
certificates are failing, eg by checking that {{{svn info --non-
interactive}}} fails but {{{svn info --non-interactive --trust-server-
cert}}} succeeds so that we don't have to rely on some English language
string parsing) use the "security" command to write the certificates into
a file (either in /tmp or in $HOME/.crl) and then set {{{SSL_CERT_FILE}}}
before we call svn.
--
Ticket URL: <https://trac.einsteintoolkit.org/ticket/1801#comment:19>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit
More information about the Trac
mailing list