Agents can't preform svn co due to ssl problem

Answered

Hi,

Since May 30 svn agents aren't able to do svn co:

[12:47:22]

Failed to collect changes, error: Error getting current revision: svn: E200015: Server SSL certificate for 'https://vcs.zeptodev.com:443' rejected, consider testing your SSL certificate with https://www.ssllabs.com/ssltest, VCS root: "Client RW Root" {instance id=1720, parent internal id=479, parent id=ClientSide_ClientRwRoot, description: "svn: https://vcs.zeptodev.com/svn/projects"}
[12:47:22]
Failed to collect changes, error: Error getting current revision: svn: E200015: Server SSL certificate for 'https://vcs.zeptodev.com:443' rejected, consider testing your SSL certificate with https://www.ssllabs.com/ssltest, VCS root: "Client RW Root" {instance id=1720, parent internal id=479, parent id=ClientSide_ClientRwRoot, description: "svn: https://vcs.zeptodev.com/svn/projects"}
[12:47:22]

Build finished

I dound that that it was related to expired Comodo root cert so we made new ssl certs for our svn server, but it didn't help and we're still getting this errors.

I've tried to do svn co manually:

java -cp "/opt/teamcity/buildagent-donkey1/plugins/svnAgent/lib/*" org.tmatesoft.svn.cli.SVN info https://vcs.zeptodev.com/svn/pxe/
Error validating server certificate for 'https://vcs.zeptodev.com:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
- The certificate hostname does not match.
Certificate information:
- Subject: CN=*.zeptodev.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated
- Valid: from Sun Jul 15 02:00:00 CEST 2018 until Thu Aug 06 01:59:59 CEST 2020
- Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
- Fingerprint: bf:34:d2:4d:f1:c3:a2:ad:88:de:83:4d:80:ea:f6:bb:6a:28:a7:55

 

I get same error with svnkit whereas sytem svn works perfectly:

/usr/bin/svn co https://vcs.zeptodev.com/svn/pxe/
Authentication realm: <https://vcs.zeptodev.com:443> Zeptolab VCS
Password for 'adm-romanb':

Our svn server https://vcs.zeptodev.com is open so you can check that ssl cert is fine.

TeamCity Enterprise 2019.1.1 (build 66192) on Ubuntu 18.04 host

Teamcity agents are installed on Ubuntu 18.04 and macOS 10.15.4 (19E266)

1 comment
Comment actions Permalink

Hello Roman,

I am sorry for the delayed response on this issue. Is it still topical for you?

First of all, TeamCity has an option to ignore certificate validation if it fails for some reason (https://www.jetbrains.com/help/teamcity/subversion.html - please see the Enable non-trusted SSL certificate option description). You may need a clean checkout on a build configuration level - please see the article for the details: https://www.jetbrains.com/help/teamcity/clean-checkout.html

As to the issue itself - could you please backup and remove ~/.subversion/auth/svn.ssl.server folder? Former error message appears to be related to the server (scheduled polling), but you may try the same from agent machine and do manual svn co.

0

Please sign in to leave a comment.