[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Bug in ra_serf with client certificates

From: Branko Čibej <brane_at_wandisco.com>
Date: Tue, 28 Jan 2014 13:53:48 +0100

I just got a private report from a user that has a setup with a private
certificate. This user happened to select the wrong certificate for a
server, and got the following response:

svn: E120171: Unable to connect to a repository at URL 'https://example.com/svn/foobar'
svn: E120171: Error running context: An error occurred during SSL communication

This the error code E120171 comes from Serf and apparently means
SERF_ERROR_AUTHN_FAILED. There's corroboration in the server log:

[Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?

The bug, as I see it, is that in this case, the command-line client
doesn't ask for different credentials. Shouldn't we be transforming (or
wrapping) SERF_ERROR_AUTHN_FAILED to SVN_ERR_RA_NOT_AUTHORIZED?

-- Brane

-- 
Branko Čibej | Director of Subversion
WANdisco // Non-Stop Data
e. brane_at_wandisco.com
Received on 2014-01-28 13:54:28 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.