You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Bernd May <be...@net.t-labs.tu-berlin.de> on 2010/07/21 13:36:34 UTC
Subversion client ssl cert configuration
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am currently trying to configure my svn client so it automagically
uses my client ssl certificate to authenticate to our svn server.
The documentation states that one simply should edit the configuration
in .subversion/servers by adding a new group, i.e.
[groups]
mygroup = my.server.example.net
and then adding the configuration under the group, i.e.
[mygroup]
ssl-client-cert-file = /path/to/the/client/cert/mygroup.p12
This does work so far.
What I do want to do now though is to assign specific certificates
depending on which directory I access on this svn server; i.e
[groups]
mygroup = my.server.example.net/svn/myrepo1
mygroup2 = my.server.example.net/svn/myrepo2
[mygroup]
ssl-client-cert-file = /path/to/the/client/cert/mygroup.p12
[mygroup2]
ssl-client-cert-file = /path/to/the/client/cert/mygroup2.p12
This does not work so far.
As I understand it, svn simply tries to match the hostname of the server
against the patterns under [groups] but not the rest of the URI.
Is there a way to change this, or configure svn to match the full URI
against the pattern?
- --
Bernd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJMRvfhAAoJENUwDGtuxH+UCtcIAKH0jnhFoyKtf84KIBmKKTBJ
51ikA9DMctHkD2D7oH/xKna13Yy/h5+F3uqGOIaH95ZqUnbDSsR1wMuXJ2dZ3oCV
v4PB8/tGfU5eSX6tgiXMu09aGfD+3BlCIzcpx3M7xxtoLrD53NUMZwHQK6L7Zdx5
3tG1mSH2Vmm0OIEgQpBZFHvit2FRqGMq/CUa33YLcwMc0wQTSYpoqUyp6YAP1x0e
rvEDxPEIu+AObZ+kVMK24yUSTCWPKSd7V53B+jCpHJSZysA6fMpxaYhoRPD8pvOW
4XDiPanKM5pQdlYWRW54OFRj3jr5E9w5wjX5D0x2HfEKqHU0hx/QtWI02FrPxWA=
=aM9Y
-----END PGP SIGNATURE-----
Re: Subversion client ssl cert configuration
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Bernd May wrote on Wed, Jul 21, 2010 at 15:36:34 +0200:
> What I do want to do now though is to assign specific certificates
> depending on which directory I access on this svn server; i.e
> [groups]
> mygroup = my.server.example.net/svn/myrepo1
> mygroup2 = my.server.example.net/svn/myrepo2
> [mygroup]
> ssl-client-cert-file = /path/to/the/client/cert/mygroup.p12
> [mygroup2]
> ssl-client-cert-file = /path/to/the/client/cert/mygroup2.p12
>
> This does not work so far.
>
> As I understand it, svn simply tries to match the hostname of the server
> against the patterns under [groups] but not the rest of the URI.
>
> Is there a way to change this, or configure svn to match the full URI
> against the pattern?
>
Haven't checked the code, but I wouldn't be surprised if this was hard wired.
(Probably part of the code is in libsvn_ra_{serf,neon} and part in
libsvn_subr.) Could you provide multiple files to the ssl-client-cert-file
setting? Or just concatenate all certs into one big file
(mygroup1-and-mygroup2.p12) and then point to that?
Daniel
(sorry, I don't have time to dive into the source myself right this second.)
> - --
> Bernd
> -----BEGIN PGP SIGNATURE-----