Bug in ra_serf with client certificates

From: Branko Čibej <brane_at_wandisco.com>
Date: Tue, 28 Jan 2014 13:53:48 +0100

I just got a private report from a user that has a setup with a private
certificate. This user happened to select the wrong certificate for a
server, and got the following response:

svn: E120171: Unable to connect to a repository at URL 'https://example.com/svn/foobar'
svn: E120171: Error running context: An error occurred during SSL communication

This the error code E120171 comes from Serf and apparently means
SERF_ERROR_AUTHN_FAILED. There's corroboration in the server log:

[Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?

The bug, as I see it, is that in this case, the command-line client
doesn't ask for different credentials. Shouldn't we be transforming (or
wrapping) SERF_ERROR_AUTHN_FAILED to SVN_ERR_RA_NOT_AUTHORIZED?

-- Brane

-- 
Branko Čibej | Director of Subversion
WANdisco // Non-Stop Data
e. brane_at_wandisco.com

Received on 2014-01-28 13:54:28 CET

This message: [ Message body ]
Next message: Branko Čibej: "Re: Bug in ra_serf with client certificates"
Previous message: Bert Huijben: "RE: 1.9 issues"
Next in thread: Branko Čibej: "Re: Bug in ra_serf with client certificates"
Reply: Branko Čibej: "Re: Bug in ra_serf with client certificates"
Reply: Lieven Govaerts: "Re: Bug in ra_serf with client certificates"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]