Recently I've updated the neon library on my gentoo system from 0.28.6 to neon-0.29.0 and my https:// connection is not working anymore. "Not working" means here that svn is asking the "(R)eject or accept (t)emporarily?" question. As you can see there is no way to accept this certificate forever. With the neon library 0.28.6 everything is working fine. There is no question about the certificate. Here's the complete output with the flag "neon-debug-mask = 258". I replaced the domain name with "company.invalid": % svn up Running pre_send hooks compress: Initialization. compress: Initialization. Sending request headers: OPTIONS /svn/src/perl/suckula HTTP/1.1 User-Agent: SVN/1.6.6 (r40053) neon/0.29.0 Keep-Alive: Connection: TE, Keep-Alive TE: trailers Host: dev.int.company.invalid Content-Type: text/xml Accept-Encoding: gzip DAV: http://subversion.tigris.org/xmlns/dav/svn/depth DAV: http://subversion.tigris.org/xmlns/dav/svn/mergeinfo DAV: http://subversion.tigris.org/xmlns/dav/svn/log-revprops Content-Length: 104 Accept-Encoding: gzip Sending request-line and headers: Doing DNS lookup on dev.int.company.invalid... Connecting to 10.20.11.17 Negotiating SSL connection. ssl: Got 3 certs in peer chain. ssl: Match common name '*.company.invalid' against '' ssl: Match common name 'PositiveSSL CA' against '' ssl: Match common name 'UTN-USERFirst-Hardware' against '' ssl: Match common name 'AddTrust External CA Root' against '' ssl: Match common name 'AddTrust External CA Root' against '' ssl: Match common name '*.company.invalid' against 'dev.int.company.invalid' ssl: Identity match for 'dev.int.company.invalid': bad ssl: Verify peers returned 0, status=0 ssl: Verification failures = -1223176442 (status = 0). Error validating server certificate for 'https://dev.int.company.invalid:443': - The certificate hostname does not match. - The certificate has expired. - The certificate has an unknown error. Certificate information: - Hostname: *.company.invalid - Valid: from Mon, 11 Jun 2007 00:00:00 GMT until Wed, 15 Sep 2010 23:59:59 GMT - Issuer: Comodo CA Limited, Salford, Greater Manchester, GB - Fingerprint: d2:d6:76:ee:7c:b1:87:ce:28:6a:0e:eb:c5:03:87:30:cf:1d:a7:b9 (R)eject or accept (t)emporarily? Here are 3 facts: 1) The clock on both computers are fine. There are complete in sync with the reality. B-) 2) Downgrading the neon library to 0.28.6 solves the problem. The certificate questions disappears and everything is working. 3) Using the "(t)emporarily" option is working. "svn" is doing it's update for this time and the next time the question pops up again. If you need additional information, please feel free to ask.
Original issue reported by ewasser