fetch.type svn: don't ignore SSL certificates unless port says to

[ryandesign (Ryan Carsten Schmidt)]

Since r54434, when using fetch.type svn, MacPorts checks out Subversion working copies using the --trust-server-cert option. MacPorts should only trust unknown SSL certificates if the port says fetch.ignore_sslcert yes.

Support for the --trust-server-cert option is also the only reason why MacPorts depends on the subversion port when the OS is less than Snow Leopard; this requirement could be removed if the port doesn't need to ignore the certificate.

[ryandesign (Ryan Carsten Schmidt)]

The svn bundled with Lion apparently has its own issues verifying ssl certificates (has somebody filed a RADAR bug?), which means we'd either have to continue ignoring certificates on Lion or require the subversion port on Lion.

[jmroot (Joshua Root)]

Replying to ryandesign@…:

(has somebody filed a RADAR bug?)

rdar://problem/11116033

Feel free to file a(nother) dupe.

[ryandesign (Ryan Carsten Schmidt)]

We are still unconditionally using --trust-server-cert for svn fetches, and we should still stop doing that unless explicitly requested by the port.

But in the mean time, MacPorts base requires the subversion port on OS X El Capitan and earlier because their /usr/bin/svn doesn't support TLS. So the concern about unnecessarily requiring the subversion port on old OS versions is no longer applicable.

[jmroot (Joshua Root)]

Partially fixed in [4acfd686dc1e88befaf288c549d7e895e1b13347/macports-base]

[jmroot (Joshua Root)]

In 9380ac43dd649837e07862310b2a5cbc2d3b016c/macports-base (master):

svnfetch: respect fetch.ignore_sslcert

Closes: #29129