[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TortiseSVN with DoD CAC (Smart Card) configuration help

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Sat, 17 Nov 2012 09:06:55 +0100

On 16.11.2012 22:46, Delmar Dale wrote:
> I work on a DoD project, and we are standing up Subversion in an effort to migrate off CVS. I have installed Subversion Edge on a Linux platform, and I have it setup to authenticate from Smart Card and optionally User/Pass from LDAP. The server setup seems good, it's running https and the certificates on the server are all good as they came from the DoD CA.
>
> On the client machines which are Windows 7 64 bit, access to Subversion with the web browser (IE8) works as expected. When I access the the subversion URL, I am prompted to select the certificate. I select the cert and it signs me in. If I hit cancel it then prompts for user/pass which I can then sign in.
>
> But the main goal is to get TortoiseSVN working. So we installed TortoiseSVN in the testlab (DoD very strict about downloading software) and have been trying to get it to work.
>
> So here is the problem. When trying to checkout with TortoiseSVN it prompts for the certificate, but it doesn't seem to take it, and it then prompts for the user/pass. If I cancel the user/pass dialogs the connection fails. I see 401 errors in the log like this.
>
> 10.118.181.50 -- [15/Nov/2012:15:29:00 - 0800] "OPTIONS" /svn/path HTTP1/1" 401 401
>
> I tried setting apache to certificate only login, and TortiseSVN prompts 3 times to choose the cert and then it fails with this error:
>
> Error: OPTIONS of 'https://xxx/svn': SSL handshake Error: failed, client certificate was requested: SSL error: sslv3 alert handshake
>
> It seems for some reason Tortoise isn't passing the selected cert information to Apache. From reading here I found one suggested fix for a similar error was to set this in the servers file.
>
> [global]
> http-library = serf
>
> I tried that and it didn't help.
>
> Any help into resolving this issue would be appreciated.

First things you should try:
* use a browser and see if you can browse the repository with that.
* make sure you're using the correct url for TSVN: you must use the url
that points to the repository itself, not some web view interface
* Settings dialog->Network->Subversion servers file->Edit
   read the comments in the file, then set up your certificate file
   ssl-client-cert-file = path/to/your/cert/file
   and check if you can access the repository now
* also try the command line client (svn.exe)
* you might get better help on the svn users mailing list since this is
   a server setup issue, not really a client problem

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3029005
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2012-11-17 09:07:07 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.