You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by St...@sungard.com on 2006/05/23 19:51:09 UTC
SSL/Certificate Problem
I have Svn 1.3.1 front-ended by Apache. Server and all clients are Win32.
Using HTTP to access repositories works fine. I set up client-side
certificate authentication in Apache. HTTPS GET to browse the repository
works fine (client browser is prompted for certificate and password).
However, HTTPS connectivity from SVN (WebDAV) is not working. Here is a
sample:
e:\>svn co --no-auth-cache https://myserver/svn/testproj/branches/pjtest .
Error validating server certificate for 'https://myserver:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: myserver
- Valid: from May 11 13:36:30 2006 GMT until Dec 14 13:36:30 2025 GMT
- Issuer: [removed]
- Fingerprint: ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee:ee
(R)eject or accept (t)emporarily? t
svn: PROPFIND request failed on '/svn/testproj/branches/pjtest'
svn: PROPFIND of '/svn/testproj/branches/pjtest': Could not read status
line: SSL error: sslv3 alert unexpected message (https://myserver)
A portion of Apache's ssl.conf that matters looks like this:
<Location /svn>
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +OptRenegotiate
DAV svn
SVNParentPath "e:/repos"
SVNIndexXSLT "/svnindex.xsl"
AuthName "Repositories"
AuthType Basic
Require valid-user
AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/users.txt"
AuthzSVNAccessFile "C:/Program Files/Apache Group/Apache2/conf/access.txt"
</Location>
The portion of the c:\documents and settings\all users\subversion\servers
that matters looks like this:
neon-debug-mask = 130
ssl-authority-files = "C:/Documents and
Settings/Steve.Craft/Pki/trustedca.crt"
ssl-client-cert-file = "C:/Documents and
Settings/Steve.Craft/Pki/personal.p12"
ssl-client-cert-password = "maskedofcourse"
http-compression = no
store-passwords = no
store-auth-creds = no
I don't see any revealing debug output, it seems that my trustedca.crt file
is not being used.
The Apache error.log says:
[Tue May 23 15:29:28 2006] [error] Re-negotiation handshake failed: Not
accepted by client!?
The Apache sslrequest.log says:
216.203.6.12 - - [23/May/2006:15:29:28 -0400] "PROPFIND
/svn/testproj/branches/pjtest HTTP/1.1" 403 -
Help?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org