You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Anders Blomdell <an...@control.lth.se> on 2004/02/11 17:55:51 UTC

Can not get client side certificates to work

I 'm trying to get subversion to use client side certificates, but when I 
try:

   svn update

I get this response
   svn: PROPFIND request failed on '/svn/repos'
   svn: PROPFIND of '/svn/repos': Could not read status line: SSL error: 
sslv3
        alert unexpected message (https://davinci)

instead of the expected certificate prompt.

It works OK with mozilla, so the problem seems to be in subversion (neon?)

Does anybody have a server with working client-side certificates?

Regards

Anders Blomdell

------------------------------------------------------------------------------
  Anders Blomdell
  Department of Automatic Control     Email: anders.blomdell@control.lth.se
  Lund Institute of Technology        Phone: +46 46 222 4625
  Box 118, S-221 00 Lund, Sweden      Fax:   +46 46 138118


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Can not get client side certificates to work

Posted by Ben Collins-Sussman <su...@collab.net>.

On Wed, 2004-02-11 at 11:55, Anders Blomdell wrote:

> Does anybody have a server with working client-side certificates?

Of course we do.  Do you think we wrote the feature, but never tested
it?  :-)  I use client-certs all the time with svn.

I think you'll need to give a lot more information about your setup. 
How is your server configured (httpd.conf)?  How is your client
configured (~/.subversion/servers)?  Tell us about your client-cert too
(format)?



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Can not get client side certificates to work

Posted by Anders Blomdell <an...@control.lth.se>.

On onsdag, februari 11, 2004, at 06:55 , Anders Blomdell wrote:
> I 'm trying to get subversion to use client side certificates, but when I 
> try:
>
>   svn update
>
> I get this response
>   svn: PROPFIND request failed on '/svn/repos'
>   svn: PROPFIND of '/svn/repos': Could not read status line: SSL error: 
> sslv3
>        alert unexpected message (https://davinci)
>
> instead of the expected certificate prompt.
>
> It works OK with mozilla, so the problem seems to be in subversion (neon?
> )
Does anybody have a svn server that requests client side certificates that 
I could try to connect to? I would have expected opensssl to call 
'provide_client_cert', but it seems like it never gets that far.

It seems like code goes through these calls:
   ne_sock_connect_ssl
     svn_cl__auth_ssl_server_trust_prompt
   and then call to SSL_read returns -1

after this apache reports:
   Re-negotiation handshake failed: Not accepted by client!?

but it seems like subversion doesn't even try to find a client certificate 
(or prompt for one). Anybody has a clue?


Regards

Anders Blomdell


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org