How do I use a custom Certificate Authority in SharpSvn without installing the certificate
I am trying to access a subversion repository using SharpSvn. The repository is only available via https and the machine uses its own private certificate authority (don't worry about the security here, I trust the authority).

I have the Certificate Authority's public root certificate, however due to user access rights I cannot install the certificate into the certificate store.

If I use subversion directly, I can add:

servers:global:ssl-authority-files=/path/to/cacert.crt
servers:groups:myhost=myhostsdns.com

either as command line objects or to the config file.

How do I set these options in SharpSvn so that I can use the cacert.crt file so that I don't get "certificate verification failed" when I try to access my repository, and I don't have to just ignore the error?

Many thanks

Wallack answered 25/7, 2012 at 14:38 Comment(3)
Of course I only solved this once signing up and posting the question. I solved this by calling the SvnClient.Configuration.SetOption() function. I will post a full answer and mark it as solved as soon as possible (8 hours wait before I can self answer because I'm new here). – Wallack
Welcome to Stack Overflow, we've been expecting you. If you had the rights to install would that resolve the problem? I keep on coming across this: sharpsvn.open.collab.net/ds/… – Imidazole
I came across that during my search as well. The problem listed there is about a self-signed certificate, which isn't signed by a Certificate Authority. To get around that you must ignore the failure error or tell svn to trust the certificate. In my issue I had a certificate signed by a CA, but the CA was untrusted. I had the CA's public key, and was trying to get SharpSvn to use it, as I know can be done with subversion. If I had permissions to install to the certificate store I could have done that and subversion would have worked out of the box. See my answer below for the solution. – Wallack
1

How is it that it's only after you ask the question that you realize the answer?

I solved this by setting the configuration options on the SvnClient object as such:

SvnClient _svnClient = new SvnClient();
_svnClient.Configuration.SetOption("servers", "global", "ssl-authority-files", "/path/to/cacert.crt");
_svnClient.Configuration.SetOption("servers", "groups", "myhost", "myhostsdns.com");

Apologies on the self help, hope it helps the next person.

Wallack answered 28/7, 2012 at 15:20 Comment(1)
Another option is to accept the certificate by hooking the proper events on the _svnClient.Authorization object. – Podium
0

Expanding on the comment of Bert Huijben (above):

client.Authentication.SslServerTrustHandlers += new EventHandler<SharpSvn.Security.SvnSslServerTrustEventArgs>(Authentication_SslServerTrustHandlers);

void Authentication_SslServerTrustHandlers(object sender, SharpSvn.Security.SvnSslServerTrustEventArgs e)
{
    // Look at the rest of the properties of e to decide whether you wish to accept

    // If accept:
    e.AcceptedFailures = e.Failures; // Accept every failure reported for this certificate
    e.Save = true; // Save acceptance to authentication store
}
Wulfila answered 20/6, 2013 at 12:12 Comment(0)
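A narrower form of the trust handler above, as an added example that is not part of the original answers: it accepts the certificate only when the sole reported failure is an unknown issuer and the certificate fingerprint equals a value obtained out of band, and it does not persist the decision. The names PinnedTrust, CreateClient and OnSslServerTrust are hypothetical, ExpectedFingerprint is a placeholder, and the Fingerprint property and the UnknownCertificateAuthority enum member are assumptions about the SharpSvn API that should be checked against the SharpSvn version in use.

```csharp
using System;
using SharpSvn;
using SharpSvn.Security;

static class PinnedTrust
{
    // Placeholder: fingerprint of the server certificate, obtained out of band.
    // Use the same format your SharpSvn/Subversion version reports in e.Fingerprint.
    const string ExpectedFingerprint = "<EXPECTED-FINGERPRINT-PLACEHOLDER>";

    public static SvnClient CreateClient()
    {
        var client = new SvnClient();
        client.Authentication.SslServerTrustHandlers += OnSslServerTrust;
        return client;
    }

    static void OnSslServerTrust(object sender, SvnSslServerTrustEventArgs e)
    {
        // Tolerate only "issuer is not trusted". An expired certificate or a
        // host name mismatch sets additional flags and is therefore rejected.
        // (Enum member name assumed; verify against your SharpSvn version.)
        bool onlyUnknownCa =
            e.Failures == SvnCertificateTrustFailures.UnknownCertificateAuthority;

        // Compare against the pinned value (property name assumed, see lead-in).
        bool fingerprintMatches = string.Equals(
            e.Fingerprint, ExpectedFingerprint, StringComparison.OrdinalIgnoreCase);

        if (onlyUnknownCa && fingerprintMatches)
        {
            e.AcceptedFailures = e.Failures;
            e.Save = false; // Do not store the acceptance; re-check on every run
        }
        else
        {
            // Accept nothing, so certificate verification still fails
            e.AcceptedFailures = SvnCertificateTrustFailures.None;
        }
    }
}
```

With the ssl-authority-files option from the earlier answer in place, a certificate issued by the private CA validates normally and the handler is not needed for it.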
