SSL: certificate not recognized after destination has changed ip address

3
votes

After changing the IP address to the SVN server I try to relocate my repository on a Linux machine (Debian Squeeze) with the command svn relocate https://xxx.xxx.xxx.xxx/svn/dir ./ but I get this error:

svn: E120171: Unable to connect to a repository at URL 'https://xxx.xxx.xxx.xxx/svn'
svn: E120171: Error running context: An error occurred during SSL communication

I get the same errors for svn ls https://xxx.xxx.xxx.xxx/svn

Also I get an error with curl:

curl -v  https://xxx.xxx.xxx.xxx/svn/directory                                                 * About to connect() to xxx.xxx.xxx.xxx port 443 (#0)
*   Trying xxx.xxx.xxx.xxx... connected
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

On another server the same commands work properly without errors. It is a certificate problem? How can I accept it?

Normally the program asks me if I have to accept it permanently or not. Why this is no happening anymore?

1
svnsslopenssldebianssl-certificate
We need the server name or IP address to check things. Shooting from the hip, "certificate verify failed" indicates the names don't match. You probably need a new certificate on the server, or you need to trust a different CA.jww

1 Answers

0
votes

If the command works from another server that's not on the same domain (or IP), I would start with flushing my DNS, and trying again. It is likely that the name and/or IP presented by the certificate does not match the domain or IP that you're trying to connect to.