Subversion 1.9.0-beta1 may accept invalid SSL certificates presented by servers in certain conditions: if both --non-interactive and --trust-foo were passed, and the certificate has two failures, both the 'foo' failure and some other failure.
In this context, a 'failure' corresponds to one of the 1.9.x cmdline client's --trust-* option flags. This issue is not present in any GA release (1.8.x or earlier) and will not be present in 1.9.0 final. Daniel (handling this publicly since it doesn't affect any GA release; normally we handle security issues privately) danie...@apache.org wrote on Sun, May 10, 2015 at 15:54:22 -0000: > Author: danielsh > Date: Sun May 10 15:54:22 2015 > New Revision: 1678571 > > URL: http://svn.apache.org/r1678571 > Log: > * subversion/libsvn_subr/cmdline.c > (trust_server_cert_non_interactive): Fix false-positive acceptance of > certificates with multiple failures of which some but not all were > designated acceptable.