You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Anders Blomdell <an...@control.lth.se> on 2004/02/11 17:55:51 UTC
Can not get client side certificates to work
I 'm trying to get subversion to use client side certificates, but when I
try:
svn update
I get this response
svn: PROPFIND request failed on '/svn/repos'
svn: PROPFIND of '/svn/repos': Could not read status line: SSL error:
sslv3
alert unexpected message (https://davinci)
instead of the expected certificate prompt.
It works OK with mozilla, so the problem seems to be in subversion (neon?)
Does anybody have a server with working client-side certificates?
Regards
Anders Blomdell
------------------------------------------------------------------------------
Anders Blomdell
Department of Automatic Control Email: anders.blomdell@control.lth.se
Lund Institute of Technology Phone: +46 46 222 4625
Box 118, S-221 00 Lund, Sweden Fax: +46 46 138118
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Can not get client side certificates to work
Posted by Ben Collins-Sussman <su...@collab.net>.
On Wed, 2004-02-11 at 11:55, Anders Blomdell wrote:
> Does anybody have a server with working client-side certificates?
Of course we do. Do you think we wrote the feature, but never tested
it? :-) I use client-certs all the time with svn.
I think you'll need to give a lot more information about your setup.
How is your server configured (httpd.conf)? How is your client
configured (~/.subversion/servers)? Tell us about your client-cert too
(format)?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Can not get client side certificates to work
Posted by Anders Blomdell <an...@control.lth.se>.
On onsdag, februari 11, 2004, at 06:55 , Anders Blomdell wrote:
> I 'm trying to get subversion to use client side certificates, but when I
> try:
>
> svn update
>
> I get this response
> svn: PROPFIND request failed on '/svn/repos'
> svn: PROPFIND of '/svn/repos': Could not read status line: SSL error:
> sslv3
> alert unexpected message (https://davinci)
>
> instead of the expected certificate prompt.
>
> It works OK with mozilla, so the problem seems to be in subversion (neon?
> )
Does anybody have a svn server that requests client side certificates that
I could try to connect to? I would have expected opensssl to call
'provide_client_cert', but it seems like it never gets that far.
It seems like code goes through these calls:
ne_sock_connect_ssl
svn_cl__auth_ssl_server_trust_prompt
and then call to SSL_read returns -1
after this apache reports:
Re-negotiation handshake failed: Not accepted by client!?
but it seems like subversion doesn't even try to find a client certificate
(or prompt for one). Anybody has a clue?
Regards
Anders Blomdell
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org