On Tue, Jul 26, 2011 at 2:32 PM, Daniel Shahaf <d...@daniel.shahaf.name> wrote: > Daniel Shahaf wrote on Tue, Jul 26, 2011 at 22:19:13 +0300: >> Dan Yost wrote on Tue, Jul 26, 2011 at 12:57:29 -0500: >> > Or to state the below (pardon the top-post) much more simply: the >> > --trust-server-cert flag does not work. It fails to perform its >> > singular function, which is...to force trust of the server cert, >> > right? >> > >> >> Its function is to accept certificates signed by unknown CA's without >> prompting. In your case you have two failures, one of them being the >> mismatching subject name (hostname), so you do get prompted. > > See ssl_trust_unknown_server_cert() in subversion/libsvn_subr/cmdline.c. > > There were discussions about extending this to, for example, > --trust-server-cert2=comma,separated,list,of,failures,to,ignore , > and I think someone may have started working on a patch, but they never > submitted it to us. >
A possibility, indeed. What's still very odd is that there's actually no error--nothing to ignore. That is, 95% of the time, then randomly (5%) it shanks, and nobody touched anything (on either server side or client side). That's what is making me crazy. Dan