You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Jason Vasquez <ja...@obiwan.homelinux.org> on 2003/08/25 23:00:36 UTC
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sorry, I know this is bad form to keep replying to myself, but I did want
to include as much info as possible.
I believe I've tracked down the problem, but have no solution at this
point.
I did a network trace and logged the raw output that Apache is responding
with. (Maybe there's a way to do this with the svn command? I didn't see
how) Basically, I'm requesting through a URI in the form of
https://..../.., but the repository (behind the proxy) is located at a URI
of http://.../.... (no ssl)
This seems to me that it will become a larger problem in the future, as a
couple of large corporations I've consulted in put their webservers behind
load balancers/reverse proxies (e.g., F5), even when there is only one box
behind.
Here is the sent headers and response (i've filtered the response for the
sake of readability)
sent>>>>>>
COPY /svn/test/!svn/bc/5/foo.txt HTTP/1.1
Host: obiwan.homelinux.org
User-Agent: neon/0.23.9 SVN/0.28.0 (dev build)
Connection: TE
TE: trailers
Depth: 0
Destination:
https://obiwan.homelinux.org/svn/test/!svn/wrk/6dc7a188-bfc5-0310-8547-959581d903a1/bar.txt
Overwrite: T
Authorization: Basic amFzb246anVseTQxcGll
X-Pound-SSL: Yes
X-Forwarded-For: 127.0.0.1
response<<<<<<<
Bad Gateway
Destination URI refers to different scheme or port
(https://hostname:443)
(want: http://hostname:9090)
Note that none of the other commands include the Destination header -- is
this something required by DAV, or added by the subversion client?
- -jason
On Mon, 25 Aug 2003, Jason Vasquez wrote:
> I thought it might be helpful to include the apache access log from this
> transaction -- this request DOES seem to be making it through to apache
> OK (you can see the 502 in this log as well):
> ...<snip/>
- --
- -------------------------------------------------------------------
| | |
| Jason Vasquez | When their numbers dwindled from |
| jason@obiwan.homelinux.org | 50 to 8, the other dwarves began |
| http://obiwan.homelinux.org | to suspect Hungry. |
| | |
|------------------------------------------------------------------
| Public Key: http://obiwan.homelinux.org/~jason/pubkey.txt |
- -------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/SpUWY6zA1HI6auYRApWAAJ4oJ/QoSSDoDEsWMhl5l8oHbxkKSwCeMNX+
mmERmjBZ7EheW5cERa/YkUA=
=vOFE
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Michael Wood <mw...@its.uct.ac.za>.
On Tue, Aug 26, 2003 at 01:11:03PM -0500, Jason Vasquez wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On 26 Aug 2003, Ben Collins-Sussman wrote:
> > > ServerAlias, etc.) -- unfortunately, that doesn't really apply here, since
> > > the URI scheme (not just the hostname) is different.
> >
> > Can you be more specific? Give more context? Point to discussion threads?
>
> In this particular scenario, the web server that the client sees is
> accessible via https. In fact, this is a reverse/transparent/etc proxy,
> that is funneling request back to an actual Apache server that is NOT
> running ssl. The COPY command from the client is supplying a Destination
> header of https://.../ (which the proxy does not modify). Apache/DAV/SVN
> is expecting to see a Destination in the form of http://.../. It appears
> to be bombing since the schemes differ (although the rest of the URL path
> will be the same)
This is a bug in your reverse proxy. It should be rewriting the https
to http in the header.
> I see several possible solutions here:
>
> 1. Do something in the svn client to have a special case to specify a
> Destination "root" for particular hosts
>
> 2. Have the proxy modify the Destination header before passing it back
> to the backend server.
[snip]
This is the right solution.
--
Michael Wood <mw...@its.uct.ac.za>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Ben Collins-Sussman <su...@collab.net>.
Jason Vasquez <ja...@obiwan.homelinux.org> writes:
> I see several possible solutions here:
>
> 1. Do something in the svn client to have a special case to specify a
> Destination "root" for particular hosts
>
> 2. Have the proxy modify the Destination header before passing it back
> to the backend server.
>
> 3. Make mod_svn/dav/whatever not care if the scheme is different
> (although, this sounds like it breaks spec, and is not very portable
> to the ServerAlias/ServerName problem)
>
> Hmm - now that I think about it, option 3 might in fact work well, if
> there are some additional Apache config directives to add additional
> allowable Destination URI's for a SVN root.
Time for Greg Stein to comment on this problem. Greg? :-)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Jason Vasquez <ja...@obiwan.homelinux.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 26 Aug 2003, Christian Sauer wrote:
> I think you missed the rest of the comment where pound has to be *compiled* to
> support this:
Nope :) I have compiled this support in. In fact, I distribute an RPM
for RedHat 9 from my homepage if anyone is interested:
http://obiwan.homelinux.org/?page=projects (--enable-msdav is enabled in
that binary)
The RPM includes an ugly patch I created to do some different handling of
logfiles - I will probably be backing out that patch from the RPM
at some point and using a different mechanism instead. (but we digress
into a purely Pound discussion here :))
- -jason
- --
- -------------------------------------------------------------------
| | |
| Jason Vasquez | When their numbers dwindled from |
| jason@obiwan.homelinux.org | 50 to 8, the other dwarves began |
| http://obiwan.homelinux.org | to suspect Hungry. |
| | |
|------------------------------------------------------------------
| Public Key: http://obiwan.homelinux.org/~jason/pubkey.txt |
- -------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/S/eFY6zA1HI6auYRAtU9AJ9MwOZsb5foDxzHBhXRtCkvBuW8+ACg5HBq
pfiq2uoUSZd4rfqbhmDX/7E=
=D3EZ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Christian Sauer <ch...@endrun.org>.
Jason Vasquez said:
> On Tue, 26 Aug 2003, Christian Sauer wrote:
>> Actually...it appears that Pound has already accounted for this.
>
> FYI, I am using the latest version of Pound, and have 'WebDAV 1' enabled.
> Essentially, everything works great except for commands such as COPY which
> include a Destination: header -- I do not think Pound does anything about
> that, they are just passed along as the client sends them.
>
I think you missed the rest of the comment where pound has to be *compiled* to
support this:
<clip>
Rather then change Pound to accept these characters (which could create some
serious issues with security on other systems) we have made this behavior
dependent on a compile-time switch. This is not accessible through the config
file - you'll have to add -DMSDAV to the CFLAGS in the Makefile (or run
configure --enable-msdav). You are free to do so, but be aware of what the
implications are!
</clip>
-Christian
--
God put me on earth to accomplish a certain number of things.
Right now I am so far behind I will never die.
-Bill Waterson, Calvin and Hobbes
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by rb...@rkbloom.net.
Which actually proves my point. The most recent version of pound can be
used with subversion, but older ones can't. The only place to really
solve this problem is in Apache itself.
Ryan
On Tue, 26 Aug 2003, Christian Sauer wrote:
>
> Ben Collins-Sussman said:
> > <rb...@rkbloom.net> writes:
> >
> >> So instead, mod_dav is going to need to provide a directive somewhat
> >> analagous to alias. Essentially allowing mod_dav to rewrite a
> >> Destination header to remove proxy information.
> >
> > I just had a chat with Greg Stein about this, and we don't like this
> > idea. It was the proxy that rewrote the URLs, and didn't do the whole
> > job. It should be rewriting the Destination: header as well. "If you
> > broke it, you fix it" -- it's not mod_dav's job to clean up up after
> > the proxy's mess.
> >
> > Pound is open-source, so it seems quite likely that it can be fixed
> > relatively easily.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
> >
>
> Don't mean to step in on this thread (I've been lurking for a couple weeks).
>
> Actually...it appears that Pound has already accounted for this.
>
> I pulled this off the Pound website (had to use a google cache for it)
>
> WebDAV
>
> As of version 1.0 Pound supports the full WebDAV command-set. In fact, it has
> been tested and is known to (almost) work with the Microsoft Outlook Web
> Gateway, which is quite remarkable given that Microsoft's own proxy does not.
>
> Regrettably, Microsoft adherence to standards leaves something to be desired:
> they decided to add some characters to their URL's - thus breaking a whole set
> of RFC's.
>
> Rather then change Pound to accept these characters (which could create some
> serious issues with security on other systems) we have made this behavior
> dependent on a compile-time switch. This is not accessible through the config
> file - you'll have to add -DMSDAV to the CFLAGS in the Makefile (or run
> configure --enable-msdav). You are free to do so, but be aware of what the
> implications are!
>
> In addition to this flag you must specify WebDAV 1 in the config file. If you
> also use the SSL wrapper feature in front of a Microsoft server you should
> probably also add HTTPSHeaders 1 "Front-End-Https: on".
>
> These changes are also required to access a Subversion server via Pound.
>
>
>
> -Christian (not currently, but soon to be subversion user)
>
> --
> God put me on earth to accomplish a certain number of things.
> Right now I am so far behind I will never die.
>
> -Bill Waterson, Calvin and Hobbes
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Jason Vasquez <ja...@obiwan.homelinux.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 26 Aug 2003, Christian Sauer wrote:
> Actually...it appears that Pound has already accounted for this.
FYI, I am using the latest version of Pound, and have 'WebDAV 1' enabled.
Essentially, everything works great except for commands such as COPY which
include a Destination: header -- I do not think Pound does anything about
that, they are just passed along as the client sends them.
I'll drop the discussion for my part at this point, and see if I can make
any modification to Pound to make this work. Though my opinion doesn't
count too much at this point, I agree with Ryan that Pound and maybe a
couple other proxies may be able to adjust, but I doubt Subversion will be
able to work behind many other commercial proxies with a similar setup.
(Until at least this restriction against relative URI's is lifted in a
later RFC Rev/mod_dav release)
- -jason
P.S., I can't seem to resolve the DNS name for the Pound homepage anymore
(http://www.apsis.ch/pound/) I wonder if they're just having a bad day?
- --
- -------------------------------------------------------------------
| | |
| Jason Vasquez | When their numbers dwindled from |
| jason@obiwan.homelinux.org | 50 to 8, the other dwarves began |
| http://obiwan.homelinux.org | to suspect Hungry. |
| | |
|------------------------------------------------------------------
| Public Key: http://obiwan.homelinux.org/~jason/pubkey.txt |
- -------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/S/QcY6zA1HI6auYRAns/AKCRtkE6ph4DvuUXOA2/cudcWBdx8gCdFX5C
XBypYokz2VR2Q2HrEmFdapU=
=pGu5
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Christian Sauer <ch...@endrun.org>.
Ben Collins-Sussman said:
> <rb...@rkbloom.net> writes:
>
>> So instead, mod_dav is going to need to provide a directive somewhat
>> analagous to alias. Essentially allowing mod_dav to rewrite a
>> Destination header to remove proxy information.
>
> I just had a chat with Greg Stein about this, and we don't like this
> idea. It was the proxy that rewrote the URLs, and didn't do the whole
> job. It should be rewriting the Destination: header as well. "If you
> broke it, you fix it" -- it's not mod_dav's job to clean up up after
> the proxy's mess.
>
> Pound is open-source, so it seems quite likely that it can be fixed
> relatively easily.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
Don't mean to step in on this thread (I've been lurking for a couple weeks).
Actually...it appears that Pound has already accounted for this.
I pulled this off the Pound website (had to use a google cache for it)
WebDAV
As of version 1.0 Pound supports the full WebDAV command-set. In fact, it has
been tested and is known to (almost) work with the Microsoft Outlook Web
Gateway, which is quite remarkable given that Microsoft's own proxy does not.
Regrettably, Microsoft adherence to standards leaves something to be desired:
they decided to add some characters to their URL's - thus breaking a whole set
of RFC's.
Rather then change Pound to accept these characters (which could create some
serious issues with security on other systems) we have made this behavior
dependent on a compile-time switch. This is not accessible through the config
file - you'll have to add -DMSDAV to the CFLAGS in the Makefile (or run
configure --enable-msdav). You are free to do so, but be aware of what the
implications are!
In addition to this flag you must specify WebDAV 1 in the config file. If you
also use the SSL wrapper feature in front of a Microsoft server you should
probably also add HTTPSHeaders 1 "Front-End-Https: on".
These changes are also required to access a Subversion server via Pound.
-Christian (not currently, but soon to be subversion user)
--
God put me on earth to accomplish a certain number of things.
Right now I am so far behind I will never die.
-Bill Waterson, Calvin and Hobbes
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by rb...@rkbloom.net.
On 26 Aug 2003, Ben Collins-Sussman wrote:
> <rb...@rkbloom.net> writes:
>
> > So instead, mod_dav is going to need to provide a directive somewhat
> > analagous to alias. Essentially allowing mod_dav to rewrite a
> > Destination header to remove proxy information.
>
> I just had a chat with Greg Stein about this, and we don't like this
> idea. It was the proxy that rewrote the URLs, and didn't do the whole
> job. It should be rewriting the Destination: header as well. "If you
> broke it, you fix it" -- it's not mod_dav's job to clean up up after
> the proxy's mess.
>
> Pound is open-source, so it seems quite likely that it can be fixed
> relatively easily.
While that will work for Pound, what are you going to do the first time
somebody reports the same exact problem with a non-open source proxy?
There are a lot of load balancers that aren't going to modify the
destination header for you. And even worse, are the simplistic load
balancing situations using mod_rewrite, which _can't_ rewrite the header.
Yes, the proxy caused the problem, but mod_dav is going to end up fixing
it at some point. Does it suck, yeah. But bite the bullet and do it,
because this is an easy fix that makes subversion work with all proxies
instead of requiring every proxy to fix a bug that they are all likely to
have.
The closest thing that I could find like the destination header is the
content-location header, except that it is allowed to specify a relative
URI. If destination had been allowed to specify a relative URI, you
wouldn't have this problem, but it isn't, so you do. I think this is one
of those cases where it would be far better to be lenient in what you
accept than to ask every proxy author to try to modify their existing
products. Remember, than older proxy servers aren't going to know
anything about the Destination header, and are thus far less likely to be
able to modify it correctly.
Ryan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Ben Collins-Sussman <su...@collab.net>.
<rb...@rkbloom.net> writes:
> So instead, mod_dav is going to need to provide a directive somewhat
> analagous to alias. Essentially allowing mod_dav to rewrite a
> Destination header to remove proxy information.
I just had a chat with Greg Stein about this, and we don't like this
idea. It was the proxy that rewrote the URLs, and didn't do the whole
job. It should be rewriting the Destination: header as well. "If you
broke it, you fix it" -- it's not mod_dav's job to clean up up after
the proxy's mess.
Pound is open-source, so it seems quite likely that it can be fixed
relatively easily.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by rb...@rkbloom.net.
I realize that I'm not Greg, but I know a little something about this, so
I thought I would take a stab at offering a solution. :-) If I have time,
I'll try to create a patch too.
The problem is how mod_dav is handling the COPY command, and the bug is
likely going to need to be fixed in mod_dav. The problem is that mod_dav
is assuming that the URL that it receives is the same one that the user
typed in, which is likely to not be the case if the server is behind a
proxy.
The best thing to do would be to have mod_dav somehow make a
request for the URL in the Destination header to find the local
destination. But, that would be a somewhat scary hole to open up on the
server.
So instead, mod_dav is going to need to provide a directive somewhat
analagous to alias. Essentially allowing mod_dav to rewrite a
Destination header to remove proxy information. Something along the lines
of:
DAVAlias https://www.foo.com/ http://www.foo.com/
This would change all Destination headers from https://www.foo.com/... to
http://www.foo.com/...
Ryan
On Tue, 26 Aug 2003, Jason Vasquez wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On 26 Aug 2003, Ben Collins-Sussman wrote:
> > > ServerAlias, etc.) -- unfortunately, that doesn't really apply here, since
> > > the URI scheme (not just the hostname) is different.
> >
> > Can you be more specific? Give more context? Point to discussion threads?
>
> In this particular scenario, the web server that the client sees is
> accessible via https. In fact, this is a reverse/transparent/etc proxy,
> that is funneling request back to an actual Apache server that is NOT
> running ssl. The COPY command from the client is supplying a Destination
> header of https://.../ (which the proxy does not modify). Apache/DAV/SVN
> is expecting to see a Destination in the form of http://.../. It appears
> to be bombing since the schemes differ (although the rest of the URL path
> will be the same)
>
> I see several possible solutions here:
>
> 1. Do something in the svn client to have a special case to specify a
> Destination "root" for particular hosts
>
> 2. Have the proxy modify the Destination header before passing it back
> to the backend server.
>
> 3. Make mod_svn/dav/whatever not care if the scheme is different
> (although, this sounds like it breaks spec, and is not very portable
> to the ServerAlias/ServerName problem)
>
> Hmm - now that I think about it, option 3 might in fact work well, if
> there are some additional Apache config directives to add additional
> allowable Destination URI's for a SVN root.
>
> I believe that this thread (that you started :)) refers to the same
> situation, only in that case it had to do with Apache ServerNames:
> http://subversion.tigris.org/servlets/BrowseList?list=dev&by=thread&from=44701
>
> I haven't seen anything yet related to a difference in the request URI
> scheme.
>
>
> > I don't understand how this scenario happened: how is it possible for
> > your svn client to generate an http:// COPY request with a destination
> > header to an https:// url?
> (hopefully the above discussion explains this)
>
> - --
> - -------------------------------------------------------------------
> | | |
> | Jason Vasquez | When their numbers dwindled from |
> | jason@obiwan.homelinux.org | 50 to 8, the other dwarves began |
> | http://obiwan.homelinux.org | to suspect Hungry. |
> | | |
> |------------------------------------------------------------------
> | Public Key: http://obiwan.homelinux.org/~jason/pubkey.txt |
> - -------------------------------------------------------------------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE/S6K6Y6zA1HI6auYRAi+0AJsFFiceGajcHK9ZqFZTwNL576ugjgCgmbbO
> XbRgxuz1qrOiFhEj+BJwsgA=
> =c2Jw
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Jason Vasquez <ja...@obiwan.homelinux.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 26 Aug 2003, Ben Collins-Sussman wrote:
> > ServerAlias, etc.) -- unfortunately, that doesn't really apply here, since
> > the URI scheme (not just the hostname) is different.
>
> Can you be more specific? Give more context? Point to discussion threads?
In this particular scenario, the web server that the client sees is
accessible via https. In fact, this is a reverse/transparent/etc proxy,
that is funneling request back to an actual Apache server that is NOT
running ssl. The COPY command from the client is supplying a Destination
header of https://.../ (which the proxy does not modify). Apache/DAV/SVN
is expecting to see a Destination in the form of http://.../. It appears
to be bombing since the schemes differ (although the rest of the URL path
will be the same)
I see several possible solutions here:
1. Do something in the svn client to have a special case to specify a
Destination "root" for particular hosts
2. Have the proxy modify the Destination header before passing it back
to the backend server.
3. Make mod_svn/dav/whatever not care if the scheme is different
(although, this sounds like it breaks spec, and is not very portable
to the ServerAlias/ServerName problem)
Hmm - now that I think about it, option 3 might in fact work well, if
there are some additional Apache config directives to add additional
allowable Destination URI's for a SVN root.
I believe that this thread (that you started :)) refers to the same
situation, only in that case it had to do with Apache ServerNames:
http://subversion.tigris.org/servlets/BrowseList?list=dev&by=thread&from=44701
I haven't seen anything yet related to a difference in the request URI
scheme.
> I don't understand how this scenario happened: how is it possible for
> your svn client to generate an http:// COPY request with a destination
> header to an https:// url?
(hopefully the above discussion explains this)
- --
- -------------------------------------------------------------------
| | |
| Jason Vasquez | When their numbers dwindled from |
| jason@obiwan.homelinux.org | 50 to 8, the other dwarves began |
| http://obiwan.homelinux.org | to suspect Hungry. |
| | |
|------------------------------------------------------------------
| Public Key: http://obiwan.homelinux.org/~jason/pubkey.txt |
- -------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/S6K6Y6zA1HI6auYRAi+0AJsFFiceGajcHK9ZqFZTwNL576ugjgCgmbbO
XbRgxuz1qrOiFhEj+BJwsgA=
=c2Jw
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Ben Collins-Sussman <su...@collab.net>.
Jason Vasquez <ja...@obiwan.homelinux.org> writes:
> On 26 Aug 2003, Ben Collins-Sussman wrote:
> > > this something required by DAV, or added by the subversion client?
> > It's required by the WebDAV/DeltaV spec.
>
> Ben,
>
> Just caught up on the archives from the dev list, and see that similar
> issues have been discussed before (e.g., when you need to use Apache
> ServerAlias, etc.) -- unfortunately, that doesn't really apply here, since
> the URI scheme (not just the hostname) is different.
Can you be more specific? Give more context? Point to discussion threads?
> I wonder if something could be done with the svn client configuration to
> specify a Destination for a particular host, as is done for proxies, etc.
> now. That could possibly clear up problems for other cases as well....
I don't understand how this scenario happened: how is it possible for
your svn client to generate an http:// COPY request with a destination
header to an https:// url?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Jason Vasquez <ja...@obiwan.homelinux.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 26 Aug 2003, Ben Collins-Sussman wrote:
> > this something required by DAV, or added by the subversion client?
> It's required by the WebDAV/DeltaV spec.
Ben,
Just caught up on the archives from the dev list, and see that similar
issues have been discussed before (e.g., when you need to use Apache
ServerAlias, etc.) -- unfortunately, that doesn't really apply here, since
the URI scheme (not just the hostname) is different.
I wonder if something could be done with the svn client configuration to
specify a Destination for a particular host, as is done for proxies, etc.
now. That could possibly clear up problems for other cases as well....
- -jason
- --
- -------------------------------------------------------------------
| | |
| Jason Vasquez | When their numbers dwindled from |
| jason@obiwan.homelinux.org | 50 to 8, the other dwarves began |
| http://obiwan.homelinux.org | to suspect Hungry. |
| | |
|------------------------------------------------------------------
| Public Key: http://obiwan.homelinux.org/~jason/pubkey.txt |
- -------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/S5mrY6zA1HI6auYRAr9QAJ96fRRlMVcOxn8VqVObO0T+kt/aiACg6Eck
trJ7xsnHrB6rox/z//Qhmuk=
=I1ht
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Access to subversion via Pound/SSL+Apache/DAV (add'l info)
Posted by Ben Collins-Sussman <su...@collab.net>.
Jason Vasquez <ja...@obiwan.homelinux.org> writes:
> Note that none of the other commands include the Destination header -- is
> this something required by DAV, or added by the subversion client?
It's required by the WebDAV/DeltaV spec.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org