[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Configuring mod_ssl for subverion. (AAARGH!!!)

From: Chris Rose <offby1_at_gmail.com>
Date: 2004-12-29 02:21:12 CET

Well, this has been an odyssey.

I'm running a debian-based distro for my svn server, with apache 2
with mod_ssl installed (And working, at least somewhat)

mod_dav_svn works as well, as does mod_authz_svn, as far as I am able to tell.

I am able to browse my repository just fine at
http://host.domain/repo/personal/ and also at
https://host.domain/repo/personal, using a web browser. However, when
I try to connect using the command line client:

svn co http://host.domain/repo/personal/project1 .

I get three consecutive requests for a client key:

Authentication realm: https://host.domain:443
Client certificate filename: ...

This happens twice (six requests) in a checkout, or once in an update
(three requests) and then the update/checkout/other operation proceeds
apparently as normal.

I have, I thought, created valid and working CA certificates from the
instructions at
http://svn.red-bean.com/viewcvs/main/3bits/servercert_3bits.txt?rev=127

These are loaded in the virtual server definition for Apache using the lines
        SSLCACertificatePath /etc/apache2/svn/private
        SSLCACertificateFile /etc/apache2/svn/private/ca.crt
        SSLCertificateFile /etc/apache2/svn/private/server.crt
        SSLCertificateKeyFile /etc/apache2/svn/private/server.key

I then created a server.pem file for my client with the instructions here:
http://www.pseudonym.org/ssl/ssl_apache.html

And converted it to a pem certificate with the instructions on the
red-bean site.

However, this does not seem to work.

Can someone help me out here? I don't *need* ssl working, but I'm
leery of doing all my development from school without it, and I can
only guarantee that port 80 will work for me, not anything else, so
svn+ssh isn't an option. As a consequence, I'd like to get mod_ssl to
do what I want it to.

Is there a step-by-step "Create a CA, a server cert, and any number of
client certs" instruction set for making this work? I'm more than
willing to provide domain name specifics and apache2 configuration
info (A lot of oddly organized include files) to anyone who is willing
to help me out.

-- 
Chris R.
======
Not to be taken literally, internally, or seriously.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 29 02:23:54 2004

This is an archived mail posted to the Subversion Users mailing list.