RE: Client Certificate Authentication/Authorization?
From: <Steve.Craft_at_sungard.com>
Date: 2006-05-18 20:51:57 CEST
Thanks, I tried making the following changes in ssl.conf:

<VirtualHost _default_:448>
    DocumentRoot E:/.....
    ServerName servername:448
    ErrorLog logs/servername_error.log
    TransferLog logs/servername_transfer.log
    <Location /svn>
        SSLVerifyClient require
        SSLVerifyDepth 1
        SSLOptions +FakeBasicAuth
        DAV svn
        SVNParentPath "e:/....."
        AuthName "Subversion Repositories"
        AuthType Basic
        #Require valid-user
        AuthUserFile "C:/......."
        AuthzSVNAccessFile "........"
        <LimitExcept GET HEAD OPTIONS REPORT CONNECT POST PUT DELETE PATCH>
            Order allow,deny
            Allow from all
            # Require valid-user
        </LimitExcept>
    </Location>

I can still successfully browse the repository using plain old
But Tortoise still gives me the PROPFIND error.
I now commented out SSLVerifyClient, SSLVerifyDepth, SSLOptions, restarted
________________________________
From: news <news@sea.gmane.org> [mailto:news <news@sea.gmane.org>] On
Sent: Thursday, May 18, 2006 2:04 PM
To: users@tortoisesvn.tigris.org
Subject: Re: Client Certificate Authentication/Authorization?
There is some bug in some old version of Apache that makes
"renegotiation" of certificate difficult. I have not succeeded on Apache
under debian sarge.
I do not know for Windows (so I should not post...) but my solution
under debian has proved useful, and can maybe be ported on Windows:
I use svn not under usual https port(443), but under a dedicated port in
my case https://www.tol..fr:5989/svn/trunk...
Anyway, I did not try with certificates and accepted a crypted password
solution, but it could work with certificate, as the fact of changing of
port may eliminate the need for "renegotiation".
Sorry for so many "could" or "may"...
PC
Steve.Craft@sungard.com wrote:
>
> Server is Win32, Svn + Apache. Apache uses client-certificate-only for
> (http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular), so
> everyone can view parts of the system but only those with internal
> CA-issued client certs can access my /svn structure.
>
> I can browse https://theserver/svn/myrepos, get prompted for the client
> cert, select it, and browse.
>
> Using Tortoise, if I use the Repo Browser on the same URI:
>
> 1.
>
> Prompt window comes up -
>
> "Error validating server certificate...."
>
> But that does not happen when using IE or Firefox (because I already
> installed the cert).
>
> Where does Tortoise keep its list of trusted CAs?
>
> I choose to accept the prompt and accept the server certificate
> permanently.
>
> 2.
>
> The browser shows the tree hierarchy down to the specified path, but if I
> expand another directory to go another level deeper, I see -
>
> "Error *PROPFIND request failed on '/svn......'"
>
> The Apache log says -
>
> [Thu May 18 13:36:47 2006] [error] Re-negotiation handshake failed: Not
> accepted by client!?
>
> I reckon there is something missing from my Tortoise configuration, but
> what is it?
>
> Thanks.
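
Added example (not part of the original mails, and not TortoiseSVN or Apache project code): per the mod_ssl documentation, SSLVerifyClient at server or virtual-host level is applied in the initial handshake, while in per-directory context (such as <Location>) it forces a renegotiation after the request is read. The Python sketch below reports which case each SSLVerifyClient line in a configuration falls into; the function name and the SAMPLE text are constructed for illustration.

```python
import re

# Container sections that put a directive in per-directory context, where
# mod_ssl applies SSLVerifyClient by renegotiating after the request is read.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}

# Constructed sample modelled on the configuration discussed in this thread
# (host names and ports are placeholders, not a recommended setup).
SAMPLE = """\
<VirtualHost _default_:448>
    ServerName servername:448
    <Location /svn>
        SSLVerifyClient require
        SSLVerifyDepth 1
        DAV svn
    </Location>
</VirtualHost>
<VirtualHost _default_:5989>
    SSLVerifyClient require
    <Location /svn>
        DAV svn
    </Location>
</VirtualHost>
"""

def find_client_cert_checks(conf_text):
    """Return (line_no, enclosing_section, level, renegotiates) per SSLVerifyClient."""
    stack, findings = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = re.match(r"</\s*(\w+)", line)
        opening = re.match(r"<\s*(\w+)\s*([^>]*)>?", line)  # tolerates a missing '>'
        if closing:
            if stack:
                stack.pop()
        elif opening:
            stack.append((opening.group(1).lower(), opening.group(2).strip()))
        else:
            parts = line.split()
            if parts[0].lower() == "sslverifyclient" and len(parts) > 1:
                per_dir = [s for s in stack if s[0] in PER_DIR]
                scope = per_dir[-1] if per_dir else (stack[-1] if stack else ("server", ""))
                findings.append((no, " ".join(scope).strip(),
                                 parts[1].lower(), bool(per_dir)))
    return findings
```

A finding with `renegotiates` set to True marks a client-certificate check that a client unable to renegotiate will fail on, matching the "Re-negotiation handshake failed" entry quoted above.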
This is an archived mail posted to the TortoiseSVN Users mailing list.