From 093e6e11da713d748dcb47d1f7e6198ca82762b3 Mon Sep 17 00:00:00 2001
From: EricFromCanada <enk3@outlook.com>
Date: Thu, 21 Oct 2021 20:51:00 -0400
Subject: [PATCH] svn: add flags if needed for :trust_cert or remote_exists?

---
 Library/Homebrew/download_strategy.rb |  5 +----
 Library/Homebrew/utils/svn.rb         | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/Library/Homebrew/download_strategy.rb b/Library/Homebrew/download_strategy.rb
index 7c08865607..0182eaf713 100644
--- a/Library/Homebrew/download_strategy.rb
+++ b/Library/Homebrew/download_strategy.rb
@@ -763,10 +763,7 @@ class SubversionDownloadStrategy < VCSDownloadStrategy
 
     args << "--ignore-externals" if ignore_externals
 
-    if meta[:trust_cert] == true
-      args << "--trust-server-cert"
-      args << "--non-interactive"
-    end
+    args.concat Utils::Svn.invalid_cert_flags if meta[:trust_cert] == true
 
     if target.directory?
       command! "svn", args: ["update", *args], chdir: target.to_s, timeout: timeout&.remaining
diff --git a/Library/Homebrew/utils/svn.rb b/Library/Homebrew/utils/svn.rb
index 4c57e04832..5c4269ddd6 100644
--- a/Library/Homebrew/utils/svn.rb
+++ b/Library/Homebrew/utils/svn.rb
@@ -30,9 +30,22 @@ module Utils
       def remote_exists?(url)
         return true unless available?
 
+        args = ["ls", url, "--depth", "empty"]
+        _, stderr, status = system_command("svn", args: args, print_stderr: false)
+        return status.success? unless stderr.include?("certificate verification failed")
+
         # OK to unconditionally trust here because we're just checking if a URL exists.
-        system_command("svn", args: ["ls", url, "--depth", "empty",
-                                     "--non-interactive", "--trust-server-cert"], print_stderr: false).success?
+        system_command("svn", args: args.concat(invalid_cert_flags), print_stderr: false).success?
+      end
+
+      sig { returns(Array) }
+      def invalid_cert_flags
+        opoo "Ignoring Subversion certificate errors!"
+        args = ["--non-interactive", "--trust-server-cert"]
+        if Version.create(version || "-1") >= Version.create("1.9")
+          args << "--trust-server-cert-failures=expired,not-yet-valid"
+        end
+        args
       end
 
       def clear_version_cache