[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SSL client cert + PAM authentication

From: Christopher Huhn <C.Huhn_at_gsi.de>
Date: 2007-07-13 12:52:02 CEST

According to the users@... archives, my first mail did not get through,
though I did not receive an error. I resend it, please excuse if you
receive it twice:

Dear subversion gurus,

I'm currently trying to setup a SVN repository to use SSL client certs
as well as PAM (= HTTP basic) auth.

My configuration works well with web browsers (I can authenticate either
with a client cert or with username+password), but svn co command gives
me the apparently well known

  svn: PROPFIND request failed on '/bla'
  svn: PROPFIND of '/bla': Could not read status line: SSL error: sslv3
alert unexpected message (https://server)

So followed the tips and put "SSLVerifyClient optional" outside
<Location>, but when I try to checkout now:
   1 svn asks me for a client cert
   2 After I hit ctrl-c and give my user name and password I get: svn:
Caught signal

for ALL my repositories on this server, even those I don't want SSL
client cert auth at all. This cannot be overridden by putting
SSLVerifyClient none inside the <Location> blocks.

There's nothing in apache's error log, access log says:

client.gsi.de - - [12/Jul/2007:17:57:45 +0200] "PROPFIND /bla HTTP/1.1"
401 401 "-" "SVN/1.4.2 (r22196) neon/0.26.2"
client.gsi.de - username [12/Jul/2007:17:57:53 +0200] "PROPFIND /bla
HTTP/1.1" 207 649 "-" "SVN/1.4.2 (r22196) neon/0.26.2"
client.gsi.de - username "PROPFIND /bla/!svn/vcc/default HTTP/1.1" 207 403
client.gsi.de - username "PROPFIND /bla/!svn/bln/6992 HTTP/1.1" 207 460
client.gsi.de - username "PROPFIND /bla HTTP/1.1" 207 649
client.gsi.de - username "PROPFIND /bla/!svn/vcc/default HTTP/1.1" 207 403
client.gsi.de - username "PROPFIND /bla/!svn/bln/6992 HTTP/1.1" 207 460
client.gsi.de - username "PROPFIND /bla HTTP/1.1" 207 649
client.gsi.de - username "PROPFIND /bla/!svn/vcc/default HTTP/1.1" 207 403
client.gsi.de - username "PROPFIND /bla/!svn/bln/6992 HTTP/1.1" 207 460
client.gsi.de - username "PROPFIND /bla HTTP/1.1" 207 649
client.gsi.de - username "PROPFIND /bla/!svn/vcc/default HTTP/1.1" 207 460
client.gsi.de - username "PROPFIND /bla/!svn/bc/6992 HTTP/1.1" 207 662
client.gsi.de - username "PROPFIND /bla HTTP/1.1" 207 649

My installation: Server Debian Sarge with Apache 2.0.54-5sarge1 and
subversion 1.4.2dfsg1-2~bpo.1, Client Debian Etch with subversion
1.4.2dfsg1-2.

Grateful for any hints,
    Christopher

P.S.: Please cc me as I'm not subscribed to the list 

-- 
'We apologise for the inconvenience'
Dipl.-Inform. Christopher Huhn
Gesellschaft für Schwerionenforschung mbH
Planckstraße 1
D-64291 Darmstadt
www.gsi.de
Handelsregister: Amtsgericht Darmstadt, HRB 1528
Geschäftsführer: Professor Dr. Walter F. Henning, Dr. Alexander Kurz
Vorsitzende des Aufsichtsrates: Dr. Beatrix Vierkorn-Rudolph,
Stellvertreter: Ministerialdirigent Dr. Rolf Bernhardt
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 17 21:25:50 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.