
More than 5 years have passed since last update.

Notes on pitfalls when working with a self-signed SVN repository on a Mac

Last updated at Posted at 2014-05-06

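Overview

Tips for working on a Mac with an SVN repository that is published using a so-called self-signed ("ore-ore") certificate, plus notes on what I gave up on.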

Environment

  • OS X 10.9.2 (Mavericks)

handshake failed

References

Symptoms

$ svn list https://example.net/svn/repos
svn: E175002: Unable to connect to a repository at URL 'https://example.net/svn/repos'
svn: E175002: OPTIONS of 'example.net/svn/repos': SSL handshake failed: SSL error code -1/1/336032856 (https://example.net)

Fix

Install the latest versions of svn and openssl with brew.

Shell
$ sudo brew install svn
==> Installing subversion dependency: openssl
==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/openssl-1.0
Already downloaded: /Library/Caches/Homebrew/openssl-1.0.1g.mavericks.bottle.tar.gz
==> Pouring openssl-1.0.1g.mavericks.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, so it was not symlinked into /usr/local.

Mac OS X already provides this software and installing another version in
parallel can cause all kinds of trouble.

The OpenSSL provided by OS X is too old for some software.

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

==> Summary
🍺  /usr/local/Cellar/openssl/1.0.1g: 429 files, 15M
==> Installing subversion
==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/subversion-
Already downloaded: /Library/Caches/Homebrew/subversion-1.8.8.mavericks.bottle.1.tar.gz
==> Pouring subversion-1.8.8.mavericks.bottle.1.tar.gz
==> Caveats
svntools have been installed to:
  /usr/local/opt/subversion/libexec

Bash completion has been installed to:
  /usr/local/etc/bash_completion.d
==> Summary
🍺  /usr/local/Cellar/subversion/1.8.8: 116 files, 9.3M

As shown above, openssl 1.0.1g gets installed.
Quit the terminal once (Cmd-Q), reopen it, and check the following.

Shell
% svn --version        
svn, version 1.8.8 (r1568071)
   compiled Apr 22 2014, 22:31:17 on x86_64-apple-darwin13.1.0

(snip)

If you check the openssl version at this point, the command on the PATH is still the one shipped with OS X:

Shell
$ openssl version
OpenSSL 0.9.8y 5 Feb 2013

If this bothers you:

Shell
$ sudo brew link --force openssl

Cannot verify a self-signed certificate from svnX and similar tools

This is not specific to the Mac, but it is included here anyway.

Symptoms

svn: E230001: Unable to connect to a repository at URL 'https://example.net/svn/repos'
svn: E230001: Server SSL certificate verification failed: issuer is not trusted

Fix 1: Explicitly accept the certificate once in a terminal (ignoring verification)

$ svn list https://example.net/svn/repos

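Run the above and choose (p)ermanently. Before accepting, compare the fingerprint shown in the prompt with one obtained from the server administrator, because this choice stops svn from reporting the untrusted issuer for this certificate from then on.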

shell
% svn list https://example.net/svn/repos
Error validating server certificate for 'https://estoc.weseek.co.jp:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: estoc.weseek.co.jp
 - Valid: from Mar 18 23:28:16 2011 GMT until Mar 15 23:28:16 2021 GMT
 - Issuer: Quartz Certificate Authority, Tokyo, JP
 - Fingerprint: XX:XX:41:40:38:F4:A7:E8:F5:20:80:FE:59:E6:57:E2:22:F7:4B:8E
(R)eject, accept (t)emporarily or accept (p)ermanently? p

The accepted certificate information is saved under ~/.subversion/auth/.

Fix 2: Load the certificate

Set ssl-authority-files in ~/.subversion/servers.
Details omitted.
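
One way to apply Fix 2, as an added example that is not code from the original article: print the CA file's SHA-1 fingerprint so it can be compared with a value obtained from the administrator, then trust that CA for one host only through a server group in ~/.subversion/servers. The group name, host and PEM path used below are assumptions.

```shell
#!/bin/sh
# Added example; function names, group name, host and paths are assumptions.

# Print the SHA-1 fingerprint of a PEM certificate in the colon-separated
# form that the svn prompt shows, for comparison with an out-of-band value.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha1 -in "$1" | sed 's/^[^=]*=//'
}

# add_svn_authority SERVERS_FILE GROUP HOST PEM
# Adds "GROUP = HOST" under [groups] and a [GROUP] section that sets
# ssl-authority-files, so PEM is trusted for HOST only (not in [global]).
# Idempotent: does nothing when the [GROUP] section already exists.
add_svn_authority() {
    servers=$1 group=$2 host=$3 pem=$4
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    [ -f "$servers" ] || : > "$servers"
    if grep -q "^\[$group]" "$servers"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    # Insert the group mapping right after an existing [groups] header,
    # or append a new [groups] section when the file has none.
    awk -v g="$group" -v h="$host" '
        { print }
        /^\[groups\][ \t]*$/ && !seen { print g " = " h; seen = 1 }
        END { if (!seen) { print "[groups]"; print g " = " h } }
    ' "$servers" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '\n[%s]\nssl-authority-files = %s\n' "$group" "$pem" >> "$tmp"
    # Overwrite in place so the file keeps its existing permissions.
    cat "$tmp" > "$servers" && rm -f "$tmp"
}

# Typical use (not executed here):
#   cert_fingerprint "$HOME/.subversion/ca/example-net-ca.pem"
#   add_svn_authority "$HOME/.subversion/servers" selfsigned example.net \
#       "$HOME/.subversion/ca/example-net-ca.pem"
```

With this in place the certificate chain is actually verified against the pinned CA, unlike Fix 1, which records an exception for the failed check.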

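git-svn does not work

This did not happen in my environment, but apparently this symptom also occurs.

It seems to be resolved with a symlink.

[Unresolved] git-svn cannot verify a self-signed certificate

Environment

Both were installed with brew.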

Shell
$ git --version
git version 1.9.2
$ svn --version
svn, version 1.8.8 (r1568071)
   compiled Apr 22 2014, 22:31:17 on x86_64-apple-darwin13.1.0

(snip)

Symptoms

Shell
$ git svn clone https://example.net/svn/repos
Initialized empty Git repository in /Users/hoge/repos/.git/
RA layer request failed: Unable to connect to a repository at URL 'https://example.net/svn/repos': OPTIONS of 'https://example.net/svn/repos': SSL handshake failed: SSL error code -1/1/336032856 (https://example.net) at /usr/local/Cellar/git/1.9.2/lib/perl5/site_perl/Git/SVN.pm line 148.

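Fix

None. Applying the fixes from the svnX section above (self-signed certificate cannot be verified) had no effect.

If the syntax of ~/.subversion/servers is broken, the error message changes, so git-svn should be using the same settings, but...

If anyone knows, please tell me.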
