How-To Fix Cadaver Showing “WARNING: Untrusted server certificate presented” on Mac OS X

Here is explained how to compile Cadaver to support root CA certificates with ‘homebrew’ or Mac OS X.

Cadaver is a command line webdav client tool. It’s available on Mac through the ‘homebrew‘ subsystem for OS X.
It has the capability to connect you to webdav services via both http and https protocols, with the same ease you would use a ftp client.

While using ‘cadaver’ to connect to a webdav repository via https (SSL encrypted http), you may experience the odd request from the tool to accept the SSL certificate offered by the site you are connecting to because it is recognised as ‘Untrusted’, although the same certificate is not expired yet and is recognised as trusted by any other tool webdav client you may use (i.e. browsers or graphical tools like Cyberduck). This is the message that will be thrown “WARNING: Untrusted server certificate presented”.

This annoying behaviour prevents you to use ‘cadaver’ in system scripting because it will require a human interaction at any execution.

The reason behind this obvious error, are apparently connected to the fact that ‘cadaver’ relies on the ‘libneon’ libraries to handle the SSL encrypted connections and such libraries, in the instance of OS X, are not able to interact with Certificate Authorities Certificates installed in the system, therefore there are not able to verify the ‘trusted’ status of any certificate they come across.

On a GNU/Linux system showing the same warning,  it’s probably enough to install the ‘ca-certificates’ packager otherwise another possible solution is to recompile the ‘libneon’ libraries making sure to specify the right path to the ‘root CA certificates’ during the configuration.

On a Mac OS X the ‘libneon’ libraries are not available via ‘homebrew’, then installed version of cadaver is using it’s own copy of them. That means we will have to force ‘homebrew’ to recompile an reinstall ‘cadaver’ including a copy of the ‘root CA certificates‘. To do so we will use ‘curl’ sources and modify cadaver’s homebrew formula formula.

You may skip the stage 1 and 2 in case you have already a curl’s certificate bundle installed at/usr/share/curl/curl-ca-bundle.crt

  1. Download and unarchive the Curl sources:
    $ wget http://curl.haxx.se/download/curl-7.22.0.tar.bz2
    $ tar xvjf curl-7.22.0.tar.bz2
  2. Retrive the ‘root CA certificates’ using a script included in curl’s sources directory:
    $ cd curl-7.22.0/lib/ 
    $  ./mk-ca-bundle.pl
  3. Install the ‘root CA certificates’ :
    $ sudo mkdir -p /usr/share/curl/
    $ sudo cp ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt
  4. modify cadaver’s homebrew formula to include the ‘root CA certificates’ during the compilation:
    $ brew edit cadaver

    add this  string  – “–with-ca-bundle=/usr/share/curl/curl-ca-bundle.crt”, – to the ‘def install’ section of the formula (including the double-quotes and the comma), as follow:

    def install

    system “./configure”, “–prefix=#{prefix}”,

    “–with-included-neon”,

    “–with-ca-bundle=/usr/share/curl/curl-ca-bundle.crt”,

    “–with-ssl”

     

  5. Remove the current installation of ‘cadaver’:
    $ brew remove cadaver
  6. Re-Install ‘cadaver’ that will be recompiled with a link to the ‘root CA certificates’:
    $ brew install cadaver

    Mind that the ‘root CA certificates’ will not be hard-coded in ‘cadaver’, only their path will be hardcoded, so DO NOT move the ‘curl-ca-bundle.crt’ from it’s location otherwise you will experience again the ‘WARNING: Untrusted server certificate presented’ issue.

At this point you should be able to use cadaver with https webdav repositories without been requested to accept every single SSL certificate.

 

Comments

comments

Powered by Facebook Comments

About marcomc

Marco M.C. is a System Administrator with 10 years of professional experience in ICT. He has deep knowledge of Mac OS X, Windows, and GNU/Linux. His hobbies vary from DIY, Traveling, learning foreign languages and especially he love to cook and experiment with food from all around the world.
This entry was posted in Apple & Mac, How-To, IT and tagged , , , , , . Bookmark the permalink.