# SVN SSL error!SOLVED!

## CooSee

hallo,

try to update Kaffeine SVN version :

svn co svn://anonsvn.kde.org/home/kde/trunk/extragear/multimedia

U multimedia/doc/kaffeine/dvbbroadcast.png

U multimedia/doc/kaffeine/dvbtimers.png

U multimedia/doc/kaffeine/kaffeinepart.png

U multimedia/doc/kaffeine/dvbscan.png

U multimedia/doc/kaffeine/dvbepg.png

U multimedia/doc/kaffeine/dvbclient.png

U multimedia/doc/amarok/config_engine.png

U multimedia/kaffeine/src/input/dvb/dvbsection.cpp

U multimedia/amarok/src/mediabrowser.h

U multimedia/amarok/src/playlistbrowser.cpp

U multimedia/amarok/src/mediabrowser.cpp

U multimedia/amarok/src/amarok_proxy.rb

U multimedia/amarok/src/mediumpluginmanager.cpp

U multimedia/amarok/src/playlistbrowser.h

U multimedia/amarok/src/mediadevice/daap/proxy.cpp

U multimedia/amarok/src/mediadevice/daap/daapclient.cpp

U multimedia/amarok/src/mediadevice/daap/proxy.h

U multimedia/amarok/src/mediadevice/daap/daapreader/reader.cpp

U multimedia/amarok/src/mediadevice/daap/daapreader/reader.h

U multimedia/amarok/src/mediadevice/daap/Makefile.am

U multimedia/amarok/src/mediadevice/daap/daapclient.h

U multimedia/amarok/src/mediadevice/Makefile.am

U multimedia/amarok/src/mediadevice/njb/njbmediadevice.h

U multimedia/amarok/src/mediadevice/njb/njbmediadevice.cpp

U multimedia/amarok/src/mediadevice/ipod/ipodmediadevice.cpp

U multimedia/amarok/src/mediadevice/generic/genericmediadevice.h

U multimedia/amarok/src/mediadevice/generic/genericmediadevice.cpp

U multimedia/amarok/src/mediadevice/ifp/ifpmediadevice.cpp

U multimedia/amarok/src/mediadevice/ifp/ifpmediadevice.h

U multimedia/amarok/src/enginecontroller.cpp

U multimedia/amarok/src/contextbrowser.cpp

U multimedia/amarok/configure.in.in

U multimedia/amarok

U multimedia/kdetv/kvideoio/kdetvv4lsetup/videodev.h

U multimedia/kdetv/kvideoio/kdetvv4lsetup/fb.h

U multimedia/kdetv/kvideoio/kdetvv4lsetup/videodev2.h

Hole externen Verweis nach 'multimedia/admin'

svn: PROPFIND Anfrage fehlgeschlagen auf '/home/kde/branches/KDE/3.5/kde-common/admin'

svn: PROPFIND von '/home/kde/branches/KDE/3.5/kde-common/admin': SSL negotiation failed: SSL alert received: Handshake failed (https://svn.kde.org)

CooSee '  Ya

----------

## CooSee

when i try this  svn co svn://anonsvn.kde.org/home/kde/trunk/KDE/kdelibs

works, but why kaffeine don't   :Evil or Very Mad: 

CooSee '  Ya

----------

## intgr

It's trying to fetch the SVN external for multimedia/admin, which is hosted at the HTTPS URL https://svn.kde.org. Sounds like your svn is not accepting self-signed certificates for some reason...

You might want to see if there's something to tweak about in ~/.subversion/config, or alternatively you can checkout with the --ignore-externals option, which will just skip all externals.

My output looks like:

```

Fetching external item into 'multimedia/admin'

Error validating server certificate for 'https://svn.kde.org:443':

 - The certificate is not issued by a trusted authority. Use the

   fingerprint to validate the certificate manually!

Certificate information:

 - Hostname: svn.kde.org

 - Valid: from Wed, 11 May 2005 10:08:21 GMT until Sat, 09 May 2015 10:08:21 GMT

 - Issuer: SVN, KDE e.V., Nuernberg, Bavaria, DE

 - Fingerprint: e1:e6:41:96:3c:eb:ae:78:e2:73:0d:a2:32:2f:6b:21:13:bf:3d:0f

(R)eject, accept (t)emporarily or accept (p)ermanently? t

A    multimedia/admin/config.pl

A    multimedia/admin/Doxyfile.am

[...]

A    multimedia/admin/ylwrap

 U   multimedia/admin

Checked out external at revision 562790.

```

----------

## CooSee

 *intgr wrote:*   

> It's trying to fetch the SVN external for multimedia/admin, which is hosted at the HTTPS URL https://svn.kde.org. Sounds like your svn is not accepting self-signed certificates for some reason...
> 
> You might want to see if there's something to tweak about in ~/.subversion/config, or alternatively you can checkout with the --ignore-externals option, which will just skip all externals.
> 
> My output looks like:
> ...

 

hallo,

but the   multimedia/admin  is needed for compile   :Rolling Eyes: 

why svn don't ask me to validate the certificate    :Question:   :Exclamation: 

just update subversion with no USE changes   :Evil or Very Mad: 

~/.subversion/config is the default

CooSee '  Ya

----------

## intgr

I have no idea why it fails since it's in German and you haven't bothered to translate it. (damn i18n  :Smile: )

One possible solution could be to export/download the certificate from svn.kde.org:443 and add it to your ~/.subversion/config 'ssl-client-cert-file' value in the [global] section.

To get the certificate, enter:

```
openssl s_client -connect svn.kde.org:443
```

and copy everything between "BEGIN CERTIFICATE" and "END CERTIFICATE" into a .pem file (including these lines).

----------

## CooSee

 *intgr wrote:*   

> I have no idea why it fails since it's in German and you haven't bothered to translate it. 
> 
> One possible solution could be to export/download the certificate from svn.kde.org:443 and add it to your ~/.subversion/config 'ssl-client-cert-file' value in the [global] section.
> 
> To get the certificate, enter:
> ...

 

svn: PROPFIND Anfrage fehlgeschlagen auf '/home/kde/branches/KDE/3.5/kde-common/admin'

svn: PROPFIND von '/home/kde/branches/KDE/3.5/kde-common/admin': SSL negotiation failed: SSL alert received: Handshake failed (https://svn.kde.org) 

svn: PROPFIND request failed on  '/home/kde/branches/KDE/3.5/kde-common/admin'

svn: PROPFIND from '/home/kde/branches/KDE/3.5/kde-common/admin': SSL negotiation failed: SSL alert received: Handshake failed (https://svn.kde.org)

CooSee '  Ya

----------

## intgr

One thing I just recalled is checking whether net-misc/neon is compiled with the 'ssl' USE flag:

```

[non]# emerge neon -av

[ebuild   R   ] net-misc/neon-0.26.1  USE="ssl zlib -expat -gnutls -nls -socks5 -static" 0 kB 

```

If not, make sure you re-emerge it with ssl.

If that doesn't help, try re-emerging and/or upgrading dev-libs/openssl.

----------

## CooSee

 *intgr wrote:*   

> One thing I just recalled is checking whether net-misc/neon is compiled with the 'ssl' USE flag:
> 
> ```
> 
> [non]# emerge neon -av
> ...

 

emerge neon -av

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] net-misc/neon-0.26.1  USE="expat gnutls nls socks5 ssl zlib -static" 0 kB

Total size of downloads: 0 kB

Would you like to merge these packages? [Yes/No]

---

where did i store the .pem file ?

CooSee '  Ya

----------

## intgr

 *CooSee wrote:*   

> where did i store the .pem file ?

 

Doesn't matter where you put it, ~/.subversion/kde.pem or anything like that. Just make sure that ssl-client-cert-file points to it (preferably full path).

----------

## CooSee

 *intgr wrote:*   

>  *CooSee wrote:*   where did i store the .pem file ? 
> 
> Doesn't matter where you put it, ~/.subversion/kde.pem or anything like that. Just make sure that ssl-client-cert-file points to it (preferably full path).

 

hallo,

i don't have a 'global' section in  ~/.subversion/config   :Question:   :Shocked: 

did you mean  ~/.subversion/servers < --- 'global' section   :Question: 

also i tried the new openssl -*  and reemerged subversion but no luck   :Evil or Very Mad: 

CooSee '  Ya

----------

## intgr

 *CooSee wrote:*   

> did you mean  ~/.subversion/servers < --- 'global' section  

 

Indeed, that's what i meant.

 *CooSee wrote:*   

> also i tried the new openssl -*  and reemerged subversion but no luck  

 

I'm out of ideas, so you might want to report a bug at https://bugs.gentoo.org/ and see what happens.

Don't forget that the more information the better - include version numbers of openssl, subversion, neon, your emerge --info, etc.

----------

## CooSee

 *intgr wrote:*   

>  *CooSee wrote:*   did you mean  ~/.subversion/servers < --- 'global' section   
> 
> Indeed, that's what i meant.
> 
>  *CooSee wrote:*   also i tried the new openssl -*  and reemerged subversion but no luck   
> ...

 

hallo,

Thanks for your help   :Very Happy: 

i can live without Kaffeine   :Cool: 

i was just curious   :Rolling Eyes:   :Exclamation: 

EDIT:

https://bugs.gentoo.org/show_bug.cgi?id=140676

EDIT 1:

 ------- Comment #1 From Tim Yamin  2006-07-16 11:04 PST  [reply] -------

This isn't a security bug; the KDE SVN server seems to be misconfigured and we

can't do anything about that.

 :Rolling Eyes: 

CooSee '  Ya

----------

## CooSee

hallo,

Yeeeeeeeeeeeeeeeeeeeeeeeeees i found the error   :Cool:   :Rolling Eyes:   :Shocked:   :Very Happy: 

emerge ' net-misc/neon ' without the ' gnutls ' flag and now svn checkout ask me to validate :

svn co svn://anonsvn.kde.org/home/kde/trunk/extragear/multimedia

Hole externen Verweis nach 'multimedia/admin'

Fehler bei der Validierung des Serverzertifikats für 'https://svn.kde.org:443':

 - Das Zertifikat ist nicht von einer vertrauenswürdigen Instanz ausgestellt

   Überprüfen Sie den Fingerabduck, um das Zertifikat zu validieren!

Zertifikats-Informationen:

 - Hostname: svn.kde.org

 - Gültig: von Wed, 11 May 2005 10:08:21 GMT bis Sat, 09 May 2015 10:08:21 GMT

 - Aussteller: SVN, KDE e.V., Nuernberg, Bavaria, DE

 - Fingerabdruck: e1:e6:41:96:3c:eb:ae:78:e2:73:0d:a2:32:2f:6b:21:13:bf:3d:0f

Ve(r)werfen, (t)emporär akzeptieren oder (p)ermanent akzeptieren? p

A    multimedia/admin/config.pl

A    multimedia/admin/Doxyfile.am

A    multimedia/admin/mkinstalldirs

A    multimedia/admin/Doxyfile.global

A    multimedia/admin/conf.change.pl

A    multimedia/admin/doxygen.sh

A    multimedia/admin/depcomp

A    multimedia/admin/deps.am

A    multimedia/admin/compile

A    multimedia/admin/libtool.m4.in

A    multimedia/admin/bcheck.pl

A    multimedia/admin/config.guess

A    multimedia/admin/debianrules

A    multimedia/admin/config.sub

A    multimedia/admin/ltmain.sh

A    multimedia/admin/detect-autoconf.pl

A    multimedia/admin/am_edit

A    multimedia/admin/cvs.sh

A    multimedia/admin/Makefile.common

A    multimedia/admin/pkg.m4.in

A    multimedia/admin/oldinclude.m4.in

A    multimedia/admin/configure.in.min

A    multimedia/admin/nmcheck

A    multimedia/admin/missing

A    multimedia/admin/acinclude.m4.in

A    multimedia/admin/configure.in.bot.end

A    multimedia/admin/install-sh

A    multimedia/admin/ylwrap

 U   multimedia/admin

Externer Verweis ausgecheckt, Revision 564369.

Ausgecheckt, Revision 564367.

---

emerge -vp neon

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] net-misc/neon-0.26.1  USE="nls ssl zlib expat -gnutls -socks5 -static" 0 kB

Total size of downloads: 0 kB

---

CooSee '  Ya

----------

