You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Andrew <ap...@kaleo.biz> on 2003/08/11 15:20:06 UTC
Self-Signed Cert and Repository problem
I have two issues at the moment.
1st issue: Has to do with self-signed certificates. Is there a way to
inform the svn client that this is a known good Cert.
Error validating server certificate: Unknown certificate issuer. Accept?
(y/N): y
2nd issue: I have a number of repositories and one is named kaleo. While
access to all of the others work fine which means my configuration of Apache
is working this one reports the following error.
svn: RA layer request failed
svn: PROPFIND request failed on '/kaleo'
svn: PROPFIND of '/kaleo': 301 Moved Permanently (https://svn.xxxxx.yyy)
I can browse this repos. just fine with IE6. But svn or Tortoise both
report the above error.
Thanks,
Andrew P.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Self-Signed Cert and Repository problem
Posted by Tobias Ringström <to...@ringstrom.mine.nu>.
Mukund wrote:
> | 2nd issue: I have a number of repositories and one is named kaleo. While
> | access to all of the others work fine which means my configuration of Apache
> | is working this one reports the following error.
> |
> | svn: RA layer request failed
> | svn: PROPFIND request failed on '/kaleo'
> | svn: PROPFIND of '/kaleo': 301 Moved Permanently (https://svn.xxxxx.yyy)
>
> It looks like your Subversion DAV server is configured to redirect
> requests from the URI you have used to some other location. Check the
> configuration of the server.
Or rather use the new location instead (https://svn.xxxxx.yyy). I hope
that https://svn.xxxxx.yyy in the message above is really a real URL
that you "hid" from us.
The reason it works in a web browser is because it automatically goes to
the new location when it gets a redirect (301). The subversion client
does not do that, at least not yet. You can read more about that in
issue 660 if you're interested:
http://subversion.tigris.org/issues/show_bug.cgi?id=660
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Self-Signed Cert and Repository problem
Posted by Andrew <ap...@kaleo.biz>.
"Mukund" <mu...@tessna.com> wrote in message
news:20030811212730.GA31658@tessna.com...
[snip]
|
| To fix this error message, you have to register the CA certificate with
| the Subversion client (the server certificate itself in case of a
| self-signed certificate). You can do that by editing ~/.subversion/servers
| and using the ssl-authorities-file directive there.
Thanks for the instructions. I find the file in question and now I am
trying to setup this directive
# ssl-authorities-file = /path/to/CAcerts.pem
Where can I find some information that explains the format of the
CAcerst.pem file. Or should this just point to a copy of my server.cert
file. I am totally green when it comes to SSL.
| | 2nd issue: I have a number of repositories and one is named kaleo.
While
| | access to all of the others work fine which means my configuration of
Apache
| | is working this one reports the following error.
| |
| | svn: RA layer request failed
| | svn: PROPFIND request failed on '/kaleo'
| | svn: PROPFIND of '/kaleo': 301 Moved Permanently (https://svn.xxxxx.yyy)
|
| It looks like your Subversion DAV server is configured to redirect
| requests from the URI you have used to some other location. Check the
| configuration of the server.
I can see where this could be the case. As this same setup is functioning
on 4 other repositories. I am using SVNParentPath so this "kaleo" directory
is just one of many repositories using this configuration. I am able to
browse every repository with IE6 and TortoiseSVN. I can checkout every
other repository with TortoiseSVN or svn without error. The only difference
in this repository and the others is the directory structure inside of the
repository. This one does not have the trunk - branch - tag structure.
In ref. to the other post, yes I just masked the URL.
Thanks for your response.
Andrew P.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Self-Signed Cert and Repository problem
Posted by Mukund <mu...@tessna.com>.
On Mon, Aug 11, 2003 at 11:20:06AM -0400, Andrew wrote:
| I have two issues at the moment.
|
| 1st issue: Has to do with self-signed certificates. Is there a way to
| inform the svn client that this is a known good Cert.
|
| Error validating server certificate: Unknown certificate issuer. Accept?
| (y/N): y
In the case of self-signed certificate, the subject and the issuer are
the same entity, and hence the same certificate can be used as both the
SSL server certificate and the CA certificate.
You can easily check this by comparing the subject key identifier and the
authority key identifier in a certificate:
openssl x509 -in certificate.pem -text
should give you the information you need to see. In a self-signed certificate,
both will be of the same value.
To fix this error message, you have to register the CA certificate with
the Subversion client (the server certificate itself in case of a
self-signed certificate). You can do that by editing ~/.subversion/servers
and using the ssl-authorities-file directive there.
| 2nd issue: I have a number of repositories and one is named kaleo. While
| access to all of the others work fine which means my configuration of Apache
| is working this one reports the following error.
|
| svn: RA layer request failed
| svn: PROPFIND request failed on '/kaleo'
| svn: PROPFIND of '/kaleo': 301 Moved Permanently (https://svn.xxxxx.yyy)
It looks like your Subversion DAV server is configured to redirect
requests from the URI you have used to some other location. Check the
configuration of the server.
Mukund
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org