Re: Bug in ra_serf with client certificates

From: Thomas Åkesson <thomas_at_akesson.cc>
Date: Fri, 21 Feb 2014 11:32:01 +0100

On 28 jan 2014, at 14:37, Lieven Govaerts <lgo_at_apache.org> wrote:

> On Tue, Jan 28, 2014 at 1:53 PM, Branko Čibej <brane_at_wandisco.com> wrote:
>
>> [Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671
>> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return
>> a certificate No CAs known to server for verification?
>>
>>
>> The bug, as I see it, is that in this case, the command-line client doesn't
>> ask for different credentials. Shouldn't we be transforming (or wrapping)
>> SERF_ERROR_AUTHN_FAILED to SVN_ERR_RA_NOT_AUTHORIZED?
>
> The command line client doesn't ask for a client certificate, it
> should be defined correctly in the servers file using:
> ssl-client-cert-file
> ssl-client-cert-password

Sorry, I am late to this party. Just got confused by this statement that command line client does not ask.

svn info https://secure.example.com
Autentiseringsregion (realm): https://secure.example.com:443
Filnamn för klientcertifikat:

This happened to become Swedish but the last line asks for a filename of client cert. This was 1.7.7 that I had on an old test machine.

Attempting this on 1.8 gives an SSL error as this thread has already stated.

Thanks,
Thomas Å.
Received on 2014-02-21 11:32:43 CET

This message: [ Message body ]
Next message: Nico Kadel-Garcia: "Re: Apache Subversion 1.8.8 released"
Previous message: Stefan Sperling: "Re: svn commit: r1570434 - /subversion/trunk/subversion/svnserve/cyrus_auth.c"
Next in thread: Markus Schaber: "AW: Bug in ra_serf with client certificates"
Reply: Markus Schaber: "AW: Bug in ra_serf with client certificates"
Reply: Bert Huijben: "RE: Bug in ra_serf with client certificates"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]