SSL renegotiation

From: Martin v. Löwis <martin_at_v.loewis.de>
Date: 2003-05-13 00:05:37 CEST

It seems I can't get SSL handshake renegotiation to work. In my
httpd.conf, I have

<Location /playground>
  SSLVerifyClient require
  DAV svn
  SVNPath /export/svn/playground

SVNAutoversioning on
</Location>

i.e. I only require a client certificate for this repository, not for
the entire server. When I activate SSLVerifyClient globally, it works
fine. If I activate it as shown, I get

svn: RA layer request failed
svn: The path was not part of a repository
svn: PROPFIND of /: 405 Method Not Allowed

Setting neon-debug-mask=1023 reveals the following output, among other:

Sending request headers:
PROPFIND /payground HTTP/1.1
...
Doing SSL negotiation.
...
Request sent; retry is 0
[status-line] < HTTP/1.1 405 Method Not Allowed
[hdr] Date: Mon, 12 May 2003 21:30:46 GMT
...
Sending request headers:
PROPFIND / HTTP/1.1
[...]
Request sent; retry is 1
[status-line] < HTTP/1.1 405 Method Not Allowed

My interpretation is that the server, when the client asks for
/playground, offers to renegotiate SSL options. Subversion rejects
this, then the server rejects the request.

Any idea on how I could get this to work, or what else to try?

Regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue May 13 00:07:17 2003

This message: [ Message body ]
Next message: Greg Stein: "Re: svn commit: rev 5886 - trunk"
Previous message: Greg Stein: "Re: [PATCH] eliminate -noproxy flag to SWIG"
Next in thread: Joe Orton: "Re: SSL renegotiation"
Reply: Joe Orton: "Re: SSL renegotiation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]