You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Josef Wolf <jw...@raven.inka.de> on 2002/06/26 19:07:09 UTC
svn operating through proxy?
Hello!
I tried to checkout a working copy of svn through a proxy and get the
following error messages:
jw@kh1a927d:~> svn co http://svn.collab.net/repos/svn/trunk -d svn
/home/jw/svn/subversion/libsvn_ra_dav/util.c:333
apr_error: #20014, src_err 0 : <Error string not specified yet>
OPTIONS request failed on /repos/svn/trunk
/home/jw/svn/subversion/libsvn_ra_dav/util.c:307
apr_error: #20014, src_err 0 : <Error string not specified yet>
The OPTIONS status was 500, but expected 200.
When looking at the wire with ethereal I can see this:
My host sends to the proxy:
OPTIONS http://svn.collab.net/repos/svn/trunk HTTP/1.1
User-Agent: neon/0.21.2 SVN/0.13.0 (dev build)
Connection: TE
TE: trailers
Content-Length: 104
Content-Type: text/xml
Host: svn.collab.net
The proxy answers:
HTTP/1.0 500 Server Error
Proxy-agent: Netscape-Proxy/3.52
Date: Wed, 25 Jun 2002 22:03:21 GMT
Content-type: text/html
Content-length: 302
What am I doing wrong? Anyone an idea? Proxy operation works fine with
netscape, ncftp and wget.
--
-- Josef Wolf -- jw@raven.inka.de --
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Ben Collins-Sussman <su...@collab.net>.
Josef Wolf <jw...@raven.inka.de> writes:
> On Wed, Jun 26, 2002 at 02:07:27PM -0500, Karl Fogel wrote:
>
> [ ... ]
> > Next, you need to make sure the proxy server itself supports all
> > the HTTP methods Subversion uses. Some proxy servers do not support
> > these methods by default: PROPFIND, REPORT, MERGE, MKACTIVITY,
> > CHECKOUT. In general, solving this depends on the particular proxy
> > software. For Squid, the config option is
> [ ... ]
> > I see you're not running Squid, so can't say what the proper
> > incantations for your particular proxy might be...
>
> Ummm. Since I have no control on the proxy and the proxy is the only
> way to get out, it seems that I am completely out of luck ;(
You tried port 81 as well? Or is that blocked?
http://svn.collab.net/repos/svn/trunk:81
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by mark benedetto king <bk...@inquira.com>.
On Fri, Jun 28, 2002 at 04:24:15PM +0200, Michael Wood wrote:
>
> It should be very easy to write such a proxy in Python.
>
It should be even easier to use "desproxy", available from sourceforge.
http://desproxy.sourceforge.net/
It does all that and more! It can even do SOCKS4 gatewaying!
--ben
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Michael Wood <mw...@its.uct.ac.za>.
On Fri, Jun 28, 2002 at 05:33:07AM -0700, Mark wrote:
>
> Okay, not sure I got the answer I was looking for. I will try to ask a
> different way. Should I be able to download the bootstrap Subversion
> client and download the latest Subversion source from this https
> address-> https://svn.collab.net/repos/svn/trunk ?
>
> If it is not setup for that, that is fine. If it is setup, then I have
> not figured out how to connect to it through a proxy and firewall
> (that I cannot change) that does not allow the extended http method
> set subversion uses.
It's not set up for that. :)
What someone else suggested was that you could tunnel through the proxy
(using the CONNECT method) the same way that SSL connections get
tunneled through proxies.
Try this:
$ telnet your.proxy.server 8080
Trying 1.2.3.4...
Connected to your.proxy.server.
Escape character is '^]'.
CONNECT svn.collab.net:80 HTTP/1.0
HTTP/1.0 200 Connection established
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 28 Jun 2002 14:08:52 GMT
Server: Apache/2.0.40-dev (Unix) DAV/2 SVN/0.13.1 (dev build)
Last-Modified: Mon, 24 Jun 2002 09:44:50 GMT
ETag: "308120-720-e5212880"
Accept-Ranges: bytes
Content-Length: 1824
Connection: close
Content-Type: text/html; charset=ISO-8859-1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Subversion</title>
[...]
Of course, if you want to get the subversion client to do this, you'd
have to modify it, or else write a small proxy that tunnels through the
real proxy as above. Then tell svn to use your local proxy.
It should be very easy to write such a proxy in Python.
All that's needed is for your real proxy to support the CONNECT method,
and also allow you to connect to port 80 or 81 using it.
--
Michael Wood <mw...@its.uct.ac.za>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by David Summers <da...@summersoft.fay.ar.us>.
No, svn.collab.net does not have HTTPS running, as far as I know. My
point was that the HTTPS protocol does work and it works fine with
subversion for servers that have it set up.
- David
On Fri, 28 Jun 2002, Mark wrote:
> Okay, not sure I got the answer I was looking for. I will try to ask a
> different way. Should I be able to download the bootstrap Subversion client and
> download the latest Subversion source from this https address->
> https://svn.collab.net/repos/svn/trunk ?
>
> If it is not setup for that, that is fine. If it is setup, then I have not
> figured out how to connect to it through a proxy and firewall (that I cannot
> change) that does not allow the extended http method set subversion uses.
>
> Mark
>
> --- Ben Collins-Sussman <su...@collab.net> wrote:
> > David Summers <da...@summersoft.fay.ar.us> writes:
> >
> > > I've set up to run via HTTPS when I authenticate to a server so that I
> > > don't have to type my password in the clear across the net. Works very
> > > nicely. It would be nice if the svn.collab.net server were set up that
> > > way also. But maybe I'm just paranoid.... :-)
> >
> > What, some evil hacker is going to steal a password, and commit nasty
> > things? :-)
> >
> > We'd all see the commit mail. And the whole repository is under
> > version control. And we have backups. Not a big security risk,
> > unless you're foolish enough to use a highly trusted password of yours
> > to do svn commits. I hope nobody is doing that.
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
--
David Wayne Summers "Linux: Because reboots are for upgrades!"
david@summersoft.fay.ar.us PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint = C0 E0 4F 50 DD A9 B6 2B 60 A1 31 7E D2 28 6D A8
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Mark <cm...@yahoo.com>.
Okay, not sure I got the answer I was looking for. I will try to ask a
different way. Should I be able to download the bootstrap Subversion client and
download the latest Subversion source from this https address->
https://svn.collab.net/repos/svn/trunk ?
If it is not setup for that, that is fine. If it is setup, then I have not
figured out how to connect to it through a proxy and firewall (that I cannot
change) that does not allow the extended http method set subversion uses.
Mark
--- Ben Collins-Sussman <su...@collab.net> wrote:
> David Summers <da...@summersoft.fay.ar.us> writes:
>
> > I've set up to run via HTTPS when I authenticate to a server so that I
> > don't have to type my password in the clear across the net. Works very
> > nicely. It would be nice if the svn.collab.net server were set up that
> > way also. But maybe I'm just paranoid.... :-)
>
> What, some evil hacker is going to steal a password, and commit nasty
> things? :-)
>
> We'd all see the commit mail. And the whole repository is under
> version control. And we have backups. Not a big security risk,
> unless you're foolish enough to use a highly trusted password of yours
> to do svn commits. I hope nobody is doing that.
>
>
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Ben Collins-Sussman <su...@collab.net>.
David Summers <da...@summersoft.fay.ar.us> writes:
> I've set up to run via HTTPS when I authenticate to a server so that I
> don't have to type my password in the clear across the net. Works very
> nicely. It would be nice if the svn.collab.net server were set up that
> way also. But maybe I'm just paranoid.... :-)
What, some evil hacker is going to steal a password, and commit nasty
things? :-)
We'd all see the commit mail. And the whole repository is under
version control. And we have backups. Not a big security risk,
unless you're foolish enough to use a highly trusted password of yours
to do svn commits. I hope nobody is doing that.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by David Summers <da...@summersoft.fay.ar.us>.
I've set up to run via HTTPS when I authenticate to a server so that I
don't have to type my password in the clear across the net. Works very
nicely. It would be nice if the svn.collab.net server were set up that
way also. But maybe I'm just paranoid.... :-)
- David
On Thu, 27 Jun 2002, Josef Wolf wrote:
> On Thu, Jun 27, 2002 at 04:49:52AM -0700, Mark wrote:
>
> > Is Subversion setup to use a https:// address? Would this allow one to
> > checkout/update subversion source through a firewall/proxy that doesn't allow
> > the extended method set used by subversion?
>
> Dou you mean I should try
>
> https://svn.collab.net/repos/svn/trunk
>
> Or
>
> https://svn.collab.net:81/repos/svn/trunk
>
> ? Will do that tomorrow. Anyway,
>
> http://svn.collab.net:81/repos/svn/trunk
>
> did _not_ work ;-( What is the reason to set the server on port 81
> instead of the usual 80?
>
>
--
David Wayne Summers "Linux: Because reboots are for upgrades!"
david@summersoft.fay.ar.us PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint = C0 E0 4F 50 DD A9 B6 2B 60 A1 31 7E D2 28 6D A8
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Josef Wolf <jw...@raven.inka.de>.
On Thu, Jun 27, 2002 at 04:49:52AM -0700, Mark wrote:
> Is Subversion setup to use a https:// address? Would this allow one to
> checkout/update subversion source through a firewall/proxy that doesn't allow
> the extended method set used by subversion?
Dou you mean I should try
https://svn.collab.net/repos/svn/trunk
Or
https://svn.collab.net:81/repos/svn/trunk
? Will do that tomorrow. Anyway,
http://svn.collab.net:81/repos/svn/trunk
did _not_ work ;-( What is the reason to set the server on port 81
instead of the usual 80?
--
-- Josef Wolf -- jw@raven.inka.de --
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Mark <cm...@yahoo.com>.
Is Subversion setup to use a https:// address? Would this allow one to
checkout/update subversion source through a firewall/proxy that doesn't allow
the extended method set used by subversion?
Mark
--- Nuutti Kotivuori <na...@iki.fi> wrote:
> Josef Wolf wrote:
> > Ummm. Since I have no control on the proxy and the proxy is the only
> > way to get out, it seems that I am completely out of luck ;(
>
> Well, if your proxy supports the 'CONNECT' method for SSL or other
> ports, that is a viable way to hack around the limitation.
>
> -- Naked
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Nuutti Kotivuori <na...@iki.fi>.
Josef Wolf wrote:
> Ummm. Since I have no control on the proxy and the proxy is the only
> way to get out, it seems that I am completely out of luck ;(
Well, if your proxy supports the 'CONNECT' method for SSL or other
ports, that is a viable way to hack around the limitation.
-- Naked
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Josef Wolf <jw...@raven.inka.de>.
On Wed, Jun 26, 2002 at 02:07:27PM -0500, Karl Fogel wrote:
[ ... ]
> Next, you need to make sure the proxy server itself supports all
> the HTTP methods Subversion uses. Some proxy servers do not support
> these methods by default: PROPFIND, REPORT, MERGE, MKACTIVITY,
> CHECKOUT. In general, solving this depends on the particular proxy
> software. For Squid, the config option is
[ ... ]
> I see you're not running Squid, so can't say what the proper
> incantations for your particular proxy might be...
Ummm. Since I have no control on the proxy and the proxy is the only
way to get out, it seems that I am completely out of luck ;(
--
-- Josef Wolf -- jw@raven.inka.de --
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn operating through proxy?
Posted by Karl Fogel <kf...@newton.ch.collab.net>.
Josef Wolf <jw...@raven.inka.de> writes:
> My host sends to the proxy:
> OPTIONS http://svn.collab.net/repos/svn/trunk HTTP/1.1
> User-Agent: neon/0.21.2 SVN/0.13.0 (dev build)
> Connection: TE
> TE: trailers
> Content-Length: 104
> Content-Type: text/xml
> Host: svn.collab.net
>
> The proxy answers:
> HTTP/1.0 500 Server Error
> Proxy-agent: Netscape-Proxy/3.52
> Date: Wed, 25 Jun 2002 22:03:21 GMT
> Content-type: text/html
> Content-length: 302
>
> What am I doing wrong? Anyone an idea? Proxy operation works fine with
> netscape, ncftp and wget.
Is your proxy configured to pass the necessary DAV requests through?
See this item from
http://subversion.tigris.org/project_faq.html
--------------------------------------------------------------------------
How do I access a repository through a proxy?
First, edit your ~/.subversion/proxies configuration file to
indicate which proxy to use. There are comments in the file
explaining how to do this. If you don't have that file, get the
latest Subversion client and run any command; this will cause the
configuration directory and template files to be created.
Next, you need to make sure the proxy server itself supports all
the HTTP methods Subversion uses. Some proxy servers do not support
these methods by default: PROPFIND, REPORT, MERGE, MKACTIVITY,
CHECKOUT. In general, solving this depends on the particular proxy
software. For Squid, the config option is
# TAG: extension_methods
# Squid only knows about standardized HTTP request methods.
# You can add up to 20 additional "extension" methods here.
#
#Default:
# none
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
<Squid 2.4 and later already knows about PROPFIND.>
--------------------------------------------------------------------------
I see you're not running Squid, so can't say what the proper
incantations for your particular proxy might be...
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org