Gentoo: Subversion not permanently accepting SSL certs

Today I had a rather frustrating issue, as svn would not allow me to permanently accept an SSL Cert under Gentoo, rather just offering me the option to reject or accept temporarily.

Error validating server certificate for \'xxxxxxxx\':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
 - The certificate has an unknown error.
Certificate information:
 - Hostname: xxxxxxxx
 - Valid: from xxxxxxxx until xxxxxxxx
 - Issuer: xxxxxxxx
 - Fingerprint: xxxxxxxx
(R)eject or accept (t)emporarily?

After some Googling, I found Bug 295617: subversion won’t save bad certificates permanently with Neon 0.29. By this point Neon 0.28 had left the portage tree, so downgrading was not an easy option. However, a comment on Bug 238529 hinted at a workaround: build Neon without GnuTLS.

To fix this issue, the easy fix is:

echo \'net-libs/neon -gnutls\' >> /etc/portage/package.use
emerge -DN subversion

Neon should rebuild and all will be well!

Error validating server certificate for \'xxxxxxxx\':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
 - The certificate has an unknown error.
Certificate information:
 - Hostname: xxxxxxxx
 - Valid: from xxxxxxxx until xxxxxxxx
 - Issuer: xxxxxxxx
 - Fingerprint: xxxxxxxx
(R)eject, accept (t)emporarily or accept (p)ermanently?

1 Comment

  1. Gary Bedoka Said,

    May 27, 2011 @ 8:56 pm

    I think this is among the most significant info for me. And i am glad reading your article. But wanna remark on few general things, The site style is wonderful, the articles is really excellent : D. Good job, cheers