[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AW: Bug in ra_serf with client certificates

From: Markus Schaber <m.schaber_at_codesys.com>
Date: Fri, 21 Feb 2014 10:56:34 +0000

Hi, all,

Von: Thomas Åkesson [mailto:thomas_at_akesson.cc]
>
> On 28 jan 2014, at 14:37, Lieven Govaerts <lgo_at_apache.org> wrote:
>
> > On Tue, Jan 28, 2014 at 1:53 PM, Branko Čibej <brane_at_wandisco.com> wrote:
> >
> >> [Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671
> >> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
> >> return a certificate No CAs known to server for verification?
> >>
> >>
> >> The bug, as I see it, is that in this case, the command-line client
> >> doesn't ask for different credentials. Shouldn't we be transforming
> >> (or wrapping) SERF_ERROR_AUTHN_FAILED to SVN_ERR_RA_NOT_AUTHORIZED?
> >
> > The command line client doesn't ask for a client certificate, it
> > should be defined correctly in the servers file using:
> > ssl-client-cert-file
> > ssl-client-cert-password
>
> Sorry, I am late to this party. Just got confused by this statement that
> command line client does not ask.
>
> svn info https://secure.example.com
> Autentiseringsregion (realm): https://secure.example.com:443 Filnamn för
> klientcertifikat:
>
> This happened to become Swedish but the last line asks for a filename of
> client cert. This was 1.7.7 that I had on an old test machine.
>
> Attempting this on 1.8 gives an SSL error as this thread has already stated.

I remember testing this about one year ago. 1.7 did prompt, but not save the
certificate file (neither path nor content) in the auth store, so it would
prompt again and again on each connection attempt. Thus, setting it in the
configuration was the only sensible way to use client certificates.

Best regards

Markus Schaber

CODESYS® a trademark of 3S-Smart Software Solutions GmbH

Inspiring Automation Solutions

3S-Smart Software Solutions GmbH
Dipl.-Inf. Markus Schaber | Product Development Core Technology
Memminger Str. 151 | 87439 Kempten | Germany
Tel. +49-831-54031-979 | Fax +49-831-54031-50

E-Mail: m.schaber@codesys.com | Web: http://www.codesys.com | CODESYS store: http://store.codesys.com
CODESYS forum: http://forum.codesys.com

Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade register: Kempten HRB 6186 | Tax ID No.: DE 167014915
Received on 2014-02-21 11:57:18 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.