Re: Bug in ra_serf with client certificates
On 28.01.2014 13:53, Branko Čibej wrote:
> I just got a private report from a user that has a setup with a
> private certificate. This user happened to select the wrong
> certificate for a server, and got the following response:
> svn: E120171: Unable to connect to a repository at URL 'https://example.com/svn/foobar'
> svn: E120171: Error running context: An error occurred during SSL communication
> This the error code E120171 comes from Serf and apparently means
> SERF_ERROR_AUTHN_FAILED. There's corroboration in the server log:
> [Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
> The bug, as I see it, is that in this case, the command-line client
> doesn't ask for different credentials. Shouldn't we be transforming
> (or wrapping) SERF_ERROR_AUTHN_FAILED to SVN_ERR_RA_NOT_AUTHORIZED?
To follow up, apparently the command-line client never even asks for a
client cert ... even when ~/.subverion/auth is completely removed.
Branko Čibej | Director of Subversion
WANdisco // Non-Stop Data
Received on 2014-01-28 14:17:52 CET
This is an archived mail posted to the Subversion Dev