开发者

Xcode 4 SVN hanging at "Checking out" if client certificate required

I am trying to get Xcode 4 working with my svn repository. I type in the svn address, which i开发者_如何学JAVAt says is reachable, but when I try to check out, it comes up with "The server 'svn.testbedapp.com' requires a client certificate." (it doesn't provide the option to supply the certificate) and then it shows "Checking out 'ProjectName'" indefinitely with s pinning wheel.

Any ideas how I supply the certificate or get it checking anything out?


It's a known issue.

Open terminal, type

svn ls <your repository address>

confirm certificates, check login/pass. After that repo will work fine in xcode.


You can put your certificate file name to SVN configuration file

 ~/.subversion/servers

In section [global] just add a line (use a full path - not relative)

ssl-client-cert-file = /path/to/your/certificate.p12

Optionally you can add also

ssl-client-cert-password = yourpassphrase 
store-passwords = yes
store-ssl-client-cert-pp = yes**


To answer the original question:

The server “foo.example.com” requires a client certificate.

Translation: Xcode can't find the SSL client certificate in your keychain, the certificate is not valid, or if there's multiple certificates, Xcode doesn't know which one to use.

To install a certificate in your keychain: In Finder, open the file that contains your client certificate (typically a .p12 file). Click Add, then enter the password to decrypt the .p12 file. If you have the corresponding root certificate (typically a .pem file), import it as well and click "Always Trust" when prompted.

To make sure the certificate is valid: In Keychain Access, select the client certificate and look for a green checkmark and the words "This certificate is valid".

  • If you see "This certificate was signed by an unknown authority", install a corresponding root certificate.
  • If you see "This certificate was signed by an untrusted issuer", look for where it says "Issued by", find the corresponding root certificate by that name, and mark the root certificate as trusted (at least for X.509 Basic Policy).
  • If you see "This certificate has expired", delete it and get a new one.

To associate the URL with a specific certificate: You need an identity preference. Xcode can't do this, but both Keychain Access and Safari can. In Keychain Access, select the client certificate and choose File menu > New Identity Preference…. Enter the repository URL (e.g. https://foo.example.com/path/to/repository) and click Add.

Alternatively: In Safari, go to your repository URL. If there are multiple certificates installed, Safari will prompt "The website “foo.example.com” requires a client certificate" and show a list of certificates. Choose the one you installed in step (1).


To get everything working, you also need to get past these two common errors:

Client certificate filename: Authentication realm: https://foo.example.com:443

Translation: Subversion can't find your SSL client certificate on disk.

Xcode uses Keychain, and Subversion itself (as of v1.4) uses Keychain as well for passwords. For certificates, however, Subversion must be pointed to files on disk.

1) Open ~/.subversion/servers in your favorite text editor. At the bottom, add the line

ssl-client-cert-file = /path/to/first.last.p12

where the value is the path to your client certificate in PKCS#12 format.

svn: OPTIONS of 'https://foo.example.com/path/to/repository': SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure

Translation: Subversion can't find the password to decrypt your SSL client certificate.

See explanation above.

To save your .p12 password in Keychain: In Terminal, type

svn ls https://foo.example.com/path/to/repository
  • When prompted, enter the password for the .p12 file. This will be stored in your keychain as an application password.
  • When prompted, enter the administrator password for your Mac.
  • When prompted, enter your server credentials. This will also be stored in your keychain as an application password.

At this point, you should see the contents of your repository displayed in Terminal.

Note: If you use Versions by Black Pixel, at least v1.2.2 seems to have trouble using Keychain for passwords, so in ~/.subversion/servers you'll also need to add the line

ssl-client-cert-password = yourpassword

where your password is in cleartext. (This is obviously not secure, so don't do it unless you have to.)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜