New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to add SVN repositories over HTTPS #255
Comments
do you have the openssl extension enabled ? |
hmm, no, it should not matter for the SvnDriver |
Forgot to mention, this is on the packigst.org site. |
@simonwelsh try adding the repo as a custom repo locally and run {
"repositories": [
{ "type": "vcs", "url": "https://..." }
]
} |
Locally, it loads fine.
|
I think it's just due to svn prompting the user to accept the ssl certificate. If there is a flag to prevent that it should be fixable. |
The SVN CLI has --trust-server-cert when using --non-interactive |
Okay, so I got SVN to forget the certificate and now the dry run gives:
This is on version 247b02d and is looking more like a problem with composer itself than packagist, as there doesn't seem to be a flag to have svn trust certificates. |
Well packagist uses the composer code so that's to be expected. Anyway I am not sure how to best handle it. Always adding the --trust-server-cert flag always is kind of a security issue. Making it optional might be a way, but not sure if it's a good idea even on packagist to run with --trust-server-cert always on. |
So, no progress on this? I’m curious. How is allowing arbitrary HTTPS servers any less secure than allowing arbitrary HTTP or SSH servers? |
@simonwelsh I don't know if this is still an issue, but anyway the problem is people expect that if they use an https url for their svn repo it won't just accept any certificate. If we make it do that it is IMO reducing security. |
I'm experiencing this now with Composer version 1.0-dev (f1aa655) 2015-08-20 11:59:54, and svn version 1.6.11:
I'm using a self-signed certificate on that repo. Is there any way to pass the |
I solved the problem my connecting to the SVN repo once, and when SVN prompted me to accept the cert, I accepted it permanently, then running via composer worked:
It would be good if composer could catch this, and display a more useful error message. |
Trying to add a SVN repository with a HTTPS URL results in "No valid/supported repository was found at the given URL"
Using the standard http URL of the same repository works fine.
The text was updated successfully, but these errors were encountered: