TortiseSVN with DoD CAC (Smart Card) configuration help
From: Delmar Dale <delmar.dale_at_hp.com>
Date: Fri, 16 Nov 2012 13:46:50 -0800 (PST)
I work on a DoD project, and we are standing up Subversion in an effort to migrate off CVS. I have installed Subversion Edge on a Linux platform, and I have it setup to authenticate from Smart Card and optionally User/Pass from LDAP. The server setup seems good, it's running https and the certificates on the server are all good as they came from the DoD CA.
On the client machines which are Windows 7 64 bit, access to Subversion with the web browser (IE8) works as expected. When I access the the subversion URL, I am prompted to select the certificate. I select the cert and it signs me in. If I hit cancel it then prompts for user/pass which I can then sign in.
But the main goal is to get TortoiseSVN working. So we installed TortoiseSVN in the testlab (DoD very strict about downloading software) and have been trying to get it to work.
So here is the problem. When trying to checkout with TortoiseSVN it prompts for the certificate, but it doesn't seem to take it, and it then prompts for the user/pass. If I cancel the user/pass dialogs the connection fails. I see 401 errors in the log like this.
10.118.181.50 -- [15/Nov/2012:15:29:00 - 0800] "OPTIONS" /svn/path HTTP1/1" 401 401
I tried setting apache to certificate only login, and TortiseSVN prompts 3 times to choose the cert and then it fails with this error:
Error: OPTIONS of 'https://xxx/svn': SSL handshake Error: failed, client certificate was requested: SSL error: sslv3 alert handshake
It seems for some reason Tortoise isn't passing the selected cert information to Apache. From reading here I found one suggested fix for a similar error was to set this in the servers file.
I tried that and it didn't help.
Any help into resolving this issue would be appreciated.
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
This is an archived mail posted to the TortoiseSVN Users mailing list.