#40383: failed synchro with selfupdate using svn version --------------------------+-------------------------------- Reporter: leclercfl@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: base | Version: 2.2.99 Resolution: | Keywords: Port: | --------------------------+-------------------------------- Comment (by raimue@…): This is a infamous bug in /usr/bin/svn from Mac OS X as shipped by Apple. If I remember correctly it's broken since Mac OS X 10.5 Lion. The only place where Apple ships certificates is in the Keychain, but they are not used by the installed Subversion client to validate certificates. There are some tutorials on how to extract the certificates from Keychain and put them into the CA search path at `/System/Library/OpenSSL/certs/`. You need to manually accept the certificate before you will be able to sync using over SSL with Subversion without a certificate validation error. Choosing permanently will store the fingerprint inside ~/.subversion/auth/svn.ssl.server/. Note that the sync command will be run as the user owning the ports tree directory specified in sources.conf, so the certificate needs to be accepted by that user. Publishing the fingerprint for you to check here (as an alternative, you could also get it from your browser): {{{ /usr/bin/svn info https://svn.macports.org/repository/macports Error validating server certificate for 'https://svn.macports.org:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: *.macports.org - Valid: from Tue, 22 Feb 2011 17:29:43 GMT until Tue, 18 Mar 2014 23:36:56 GMT - Issuer: 07969287, http://certificates.godaddy.com/repository, GoDaddy.com, Inc., Scottsdale, Arizona, US - Fingerprint: 4d:ea:4a:77:55:ac:8e:2e:9e:11:8a:59:3d:ec:c7:45:7d:b0:72:19 (R)eject, accept (t)emporarily or accept (p)ermanently? }}} The subversion client distributed by the subversion port in MacPorts uses the curl-ca-bundle to validate certificates and therefore will not suffer from such problems. Installing this port will also solve this problem. However, for a new installation that is a chicken-and-egg problem if you want to sync using Subversion exclusively. -- Ticket URL: <https://trac.macports.org/ticket/40383#comment:4> MacPorts <http://www.macports.org/> Ports system for OS X