subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bo Berglund <>
Subject Re: Reverting accidental permanent acceptance of SSL certificate?
Date Sun, 11 Feb 2018 20:00:16 GMT
On Sun, 11 Feb 2018 19:30:04 +0000, Philip Martin
<> wrote:

>Bo Berglund <> writes:
>> How can I revert this? Is there a client svn command to un-accept a
>> certificate? All I find when googling is the opposite, i.e. how to
>> accept a certificate...
>  svn auth
>to see all the stored credentials.  Use
>  svn auth SOMEPATTERN
>to show just those matching SOMEPATTERN.  Use
>  svn auth --remove SOMEPATTERN
>to remove those matching SOMEPATTERN.

Thanks, this helps a lot.
I have now looked into what got saved below .subversion/auth and it
seems like the bogus acceptance did not in fact make it into the auth
area while the valid certificate and login did.

I found the certificate acceptance in this file:


It looks perfectly safe, does not contain anything especially useful.

But now now I have examined the other file I found and my svn username
and password is indeed stored in plain text in the file:


It feels like it would be a bit better if this was also "encrypted" in
some way tied to my logon for example.
The file permissions are both 664, i.e. world readable...

However the parent directory "auth" has permissions set to 700 so I
guess this is some protection at least.

Case closed. :)

Bo Berglund
Developer in Sweden

View raw message