[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Client Certificate Authentication/Authorization?

From: Pierre Couderc <pierre_at_couderc.cc>
Date: 2006-05-18 20:04:17 CEST

There is some bug in some old version of Apache that makes
"renegotiation" of certificate difficult. I have not successed on Apache
under debian sarge.
I do not know for Windows (so I should not post...) but my solution
under debian has proved useful, and can maybe be ported on Windows:
I use svn not under usual https port(443), but under a dedicated port in
my case https://www.tol..fr:5989/svn/trunk...
Anyway, i did not try with certificates and accepted a crypted password
solution, but it could work with certificate, as the fact of changing of
port may eliminate the need for "renegotiation".
Sorry for so many "could" or "may"...

PC

Steve.Craft@sungard.com a écrit :
>
>
> Server is Win32, Svn + Apache. Apache uses client-certificate-only for auth
> (http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular), so
> everyone can view parts of the system but only those with internal
> CA-issued client certs can access my /svn structure.
>
>
>
> I can browse https://theserver/svn/myrepos, get prompted for the client
> cert, select it, and browse.
>
>
>
> Using Tortoise, if I use the Repo Browser on the same URI:
>
>
>
> 1.
>
> Prompt window comes up -
>
> "Error validating server certificate...."
>
> But that does not happen when using IE or Firefox (because I already
> installed the cert).
>
>
>
> Where does Tortoise keep it's list of trusted Cas?
>
>
>
>
>
> I choose to accept the prompt and accept the server certificate
> permanently.
>
>
>
> 2.
>
> The browser shows the tree hierarchy down to the specified path, but if I
> expand another directory to go another level deeper, I see -
>
> "Error *PROPFIND request failed on '/svn......'"
>
> The Apache log says -
>
> [Thu May 18 13:36:47 2006] [error] Re-negotiation handshake failed: Not
> accepted by client!?
>
>
>
> I reckon there is something missing from my Tortoise configuration, but
> what is it?
>
>
>
> Thanks.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: users-help@tortoisesvn.tigris.org
Received on Thu May 18 20:05:04 2006

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.