I’m using TeamCity, MSBuild, and SVN together to do some pretty cool stuff around continuous integration and automated builds. It’s been working well, untouched, for well over a year! But all of a sudden my deployment process failed. Checking the logs with TeamCity, I found this:
[11:18:06]: Error validating server certificate for ‘https://[xxx].com:443′:
[11:18:06]: – The certificate is not issued by a trusted authority. Use the
[11:18:06]: fingerprint to validate the certificate manually!
[11:18:06]: Certificate information:
[11:18:06]: – Hostname: [xxx]
[11:18:06]: – Valid: from Mon, 29 Mar 2010 17:44:04 GMT until Thu, 26 Mar 2020 17:44:04 GMT
[11:18:06]: – Issuer: [xxx]
[11:18:06]: – Fingerprint: [xxx]
[11:18:06]: (R)eject, accept (t)emporarily or accept (p)ermanently? svn: OPTIONS of ‘https://[xxx]': Server certificate verification failed: issuer is not trusted (https://[xxx].com)
The best part about this was that, for a change, this error message was very clear. Although I don’t know why the certificate failed. Did it change or expire? Did one of the network guys make a change to something? I didn’t really care. I just wanted to get my build working again.
Here is the line of MSBuild Script that caused the issue: (I’m using the SVN stuff from MSBuild Community Tasks)
<SvnClient Command="ls $(SvnRepository)/tags/$(BuildNumber) Username="$(SvnUserName)" password="$(SvnPassword)" ContinueOnError="true">
<Output TaskParameter="ExitCode" PropertyName="Value"/>
</SvnClient>
Since the Command of SvnClient accepts any SVN command (in other words, anything that I can type at a command prompt), I searched the SVN Documentation. It wasn’t hard to find that I just needed to update to this:
<SvnClient Command="ls $(SvnRepository)/tags/$(BuildNumber) –non-interactive –trust-server-cert" Username="$(SvnUserName)" password="$(SvnPassword)" ContinueOnError="true">
<Output TaskParameter="ExitCode" PropertyName="Value"/>
</SvnClient>
This worked great but my build still failed. That is because I have other SVN actions in my script and they don’t seem to know that I accepted the certificate. However, my other tasks are not using the very generic and flexible SvnClient Command, they are using tasks such as SvnCopy or SvnCommit, etc. For instance:
<SvnCopy SourcePath="$(SvnRepository)/$(SvnProjectLocation)/"
DestinationPath="$(SvnRepository)/tags/$(BuildNumber)"
Message="Auto-tagging Revision: $(BuildNumber)"
Username="$(SvnUserName)" password="$(SvnPassword)" />
So how could I tell SVN to accept the certificate. I checked the MSBuild Community Tasks documentation, took a guess and got lucky on the first try…sweet. I added this:
<SvnCopy SourcePath="$(SvnRepository)/$(SvnProjectLocation)/"
DestinationPath="$(SvnRepository)/tags/$(BuildNumber)"
Message="Auto-tagging Revision: $(BuildNumber)"
Username="$(SvnUserName)" password="$(SvnPassword)"
Arguments="–non-interactive –trust-server-cert" />
I added the Arguments to all of my other SVN Tasks in my script and it worked perfectly!