You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by St...@sungard.com on 2006/06/07 19:08:05 UTC

RE: Client Certificate Authentication/Authorization (Bad) Log Entries

> From: Stefan Küng <to...@gmail.com> [mailto:Stefan Küng
<to...@gmail.com>]

> Sent: Tuesday, May 23, 2006 2:41 PM

> To: Steve.Craft@sungard.com

> Subject: Re: Client Certificate Authentication/Authorization (Bad) Log
Entries

>

>

> Steve.Craft@sungard.com wrote:

> >

> >

> > It appears that I am getting the same kind of message when using svn
(eg

> > 'svn co'). I was using the latest Tortoise and svn 1.3.0, I'm
installing

> > svn 1.3.1 now to see if it makes a difference - clients are Win32, so

> > OpenSSL support is baked in, right?

>

> Yes, OpenSSL is linked with svn as well as TortoiseSVN.

> If it still fails with svn 1.3.1, you have to report this on the

> Subversion mailing list (first try users@subversion.tigris.org, if you

> don't get far there, go to dev@subversion.tigris.org).







Apolgies for not getting back to this sooner. My issues were not with
Tortoise or Subversion per se:



     1. My Apache configuration needed some additional,

        explicit directives because of the server's location

        behind load-balanced routers and firewalls (I didn't know about

        the electronics between the server and clients until

        late in my troubleshooting).



     2. My client-side certificates needed additional information

        embedded in them to make the SSL handshake "cleaner".



The above are things that I never had to do with past Subversion+Tortoise
installations, but previous installations were always in a less
Byzantine/secure environment.



The error reporting on the server side led me to a lot of guessing and
trial-and-error. I think a lot more verbose reporting would have shown me
"what's what" a lot sooner, but as of now I'm not clear if the reporting
should have come from Apache or the Subversion-supplied .so (or the svn or
Tortoise client). My troubleshooting friend was OpenSSL itself; I used it
in "immediate mode" to speak directly to the server to understand what
was/not happening.





Thanks to all in the community for your help!


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org