[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SSL / Client certificates error

From: David Yates <davidgyates_at_hotmail.com>
Date: Tue, 1 Apr 2014 18:00:57 +0100

I've set up Subversion Edge 4.0.5-3835.124 with TortoiseSVN 1.8.5 - both built with SVN 1.8.8 - all current release versions.
I've set this up with SSL and it's working fine.
But....I've also set up client authentication and this is where the problem starts.
Navigate a browser (Chrome or I.E.) to either the https://mysite.com/svn or https://mysite.com/viewvc and I can select a client certificate and it works fine.
I've managed to commit a large tree of files to SVN in this configuration and this too worked fine. My configuration and client authentication itself seems to be configured OK.
Checking out or attempting an update and it starts (creates a few directories) and then I consistently get the error:Error: Error retrieving REPORT: An error occurred during SSL communication using TortoiseSVN andsvn: E120171: Error retrieving REPORT: An error occurred during SSL communicationusing the command line client.
The all-knowing Internet suggested that this might be related to "OpenSSL renegotiaton" failing.
Here's the associated server log:[Tue Apr 01 17:37:27.949496 2014] [ssl:error] [pid 788:tid 1344] [client] AH02261: Re-negotiation handshake failed: Not accepted by client!?[Tue Apr 01 17:37:27.996371 2014] [dav:error] [pid 788:tid 1380] [client] Provider encountered an error while streaming a REPORT response. [500, #0][Tue Apr 01 17:37:27.996371 2014] [dav:error] [pid 788:tid 1380] [client] A failure occurred while driving the update report editor [500, #730053]
I'd already turned of OpenSSLCapi as per other suggestions to fix other client authentication problems and explicitly configured the client cert in the servers file.
So...I'm happy my config is OK - looks like possible fault already identified within openssl - but I'm stuck
David YatesDeveloper

Tortoise about box:TortoiseSVN 1.8.5, Build 25224 - 64 Bit , 2014/02/18 20:05:11Subversion 1.8.8, -releaseapr 1.5.0apr-util 1.5.3serf 1.3.4OpenSSL 1.0.1f 6 Jan 2014zlib 1.2.8
Servers file:[global]ssl-authority-files=C:\mypath\cacert.crtssl-client-cert-file = C:\mypath\svn_user.pfx
Server config (ssl_httpd.conf):SSLCACertificateFile c:\mypath\cacert.crt
<Location ~ "/(svn|viewvc)/core_system"># for the given path (in location) tell it that # client verification is neededSSLVerifyClient requireSSLVerifyDepth 1# checks that the client cert must have been issued by usSSLRequire %{SSL_CLIENT_I_DN_CN} eq "certs.bncs.tv"</Location>


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-04-02 14:27:05 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.