The problem with that -- and I DID consider it -- is that there's at
least one person who needs read access to parts of the repository who
does not have a working svn client (for reasons I am neither qualified
to diagnose nor wish to get into) and as such has to access it via the
web. For security purposes, I would like to have this working with
ssl.
<snip my own grumpiness>
Basically, I don't have a domain, nor do I have a static IP and I am
not a server admin by trade. Is there any way for me, lacking as I do
those skills, to set up the repository to do what I need it to?
Obviously it can be done, since (I assume) there are people reading
this list right now that can do svn co https:// ... to check out a
project. *How* they do it, well, that's what I'd like to know.
On Wed, 29 Dec 2004 00:25:46 -0700, Kevin Williams <kevin@bantamtech.com> wrote:
> I faced the same problem once. I chose to have sshd listen on port 443
> as well as 22, so that I could use a firewall-acceptable port to connect
> to ssh. I then tunneled the server's port 3690 (svnserve) to my
> workstation and used svn://localhost.
>
> Yeah, it's a hack. By the time I get to the AAARGH!!! stage, I start
> hacking things together. ;)
>
>
> Chris Rose wrote:
> > Well, this has been an odyssey.
> >
> > I'm running a debian-based distro for my svn server, with apache 2
> > with mod_ssl installed (And working, at least somewhat)
> >
> > mod_dav_svn works as well, as does mod_authz_svn, as far as I am able to tell.
> >
> > I am able to browse my repository just fine at
> > http://host.domain/repo/personal/ and also at
> > https://host.domain/repo/personal, using a web browser. However, when
> > I try to connect using the command line client:
> >
> > svn co http://host.domain/repo/personal/project1 .
> >
> > I get three consecutive requests for a client key:
> >
> > Authentication realm: https://host.domain:443
> > Client certificate filename: ...
> >
> > This happens twice (six requests) in a checkout, or once in an update
> > (three requests) and then the update/checkout/other operation proceeds
> > apparently as normal.
> >
> > I have, I thought, created valid and working CA certificates from the
> > instructions at
> > http://svn.red-bean.com/viewcvs/main/3bits/servercert_3bits.txt?rev=127
> >
> > These are loaded in the virtual server definition for Apache using the lines
> > SSLCACertificatePath /etc/apache2/svn/private
> > SSLCACertificateFile /etc/apache2/svn/private/ca.crt
> > SSLCertificateFile /etc/apache2/svn/private/server.crt
> > SSLCertificateKeyFile /etc/apache2/svn/private/server.key
> >
> > I then created a server.pem file for my client with the instructions here:
> > http://www.pseudonym.org/ssl/ssl_apache.html
> >
> > And converted it to a pem certificate with the instructions on the
> > red-bean site.
> >
> > However, this does not seem to work.
> >
> > Can someone help me out here? I don't *need* ssl working, but I'm
> > leery of doing all my development from school without it, and I can
> > only guarantee that port 80 will work for me, not anything else, so
> > svn+ssh isn't an option. As a consequence, I'd like to get mod_ssl to
> > do what I want it to.
> >
> > Is there a step-by-step "Create a CA, a server cert, and any number of
> > client certs" instruction set for making this work? I'm more than
> > willing to provide domain name specifics and apache2 configuration
> > info (A lot of oddly organized include files) to anyone who is willing
> > to help me out.
>
> ----------
> Scanned for viruses by ClamAV
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
--
Chris R.
======
Not to be taken literally, internally, or seriously.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 29 09:38:18 2004