You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by St...@sungard.com on 2006/06/07 19:08:05 UTC
RE: Client Certificate Authentication/Authorization (Bad) Log Entries
> From: Stefan Küng <to...@gmail.com> [mailto:Stefan Küng
<to...@gmail.com>]
> Sent: Tuesday, May 23, 2006 2:41 PM
> To: Steve.Craft@sungard.com
> Subject: Re: Client Certificate Authentication/Authorization (Bad) Log
Entries
>
>
> Steve.Craft@sungard.com wrote:
> >
> >
> > It appears that I am getting the same kind of message when using svn
(eg
> > 'svn co'). I was using the latest Tortoise and svn 1.3.0, I'm
installing
> > svn 1.3.1 now to see if it makes a difference - clients are Win32, so
> > OpenSSL support is baked in, right?
>
> Yes, OpenSSL is linked with svn as well as TortoiseSVN.
> If it still fails with svn 1.3.1, you have to report this on the
> Subversion mailing list (first try users@subversion.tigris.org, if you
> don't get far there, go to dev@subversion.tigris.org).
Apolgies for not getting back to this sooner. My issues were not with
Tortoise or Subversion per se:
1. My Apache configuration needed some additional,
explicit directives because of the server's location
behind load-balanced routers and firewalls (I didn't know about
the electronics between the server and clients until
late in my troubleshooting).
2. My client-side certificates needed additional information
embedded in them to make the SSL handshake "cleaner".
The above are things that I never had to do with past Subversion+Tortoise
installations, but previous installations were always in a less
Byzantine/secure environment.
The error reporting on the server side led me to a lot of guessing and
trial-and-error. I think a lot more verbose reporting would have shown me
"what's what" a lot sooner, but as of now I'm not clear if the reporting
should have come from Apache or the Subversion-supplied .so (or the svn or
Tortoise client). My troubleshooting friend was OpenSSL itself; I used it
in "immediate mode" to speak directly to the server to understand what
was/not happening.
Thanks to all in the community for your help!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org