On Wed, Oct 01, 2003 at 03:22:00AM +1200, Nick Wright wrote:
> I suspect there is some sort of issue with the way I have Apache/SSL set up..
> I'm fairly new to the SSL side of things especially..
>
> Anything to do with the "dropped support for PEM-encoded client certs, only
> accept PKCS12 now" thing new in NEON 0.24 perhaps?
>
> The server runs Debian testing/unstable, Apache/2.0.47 (Debian GNU/Linux),
> DAV/2 SVN/0.30.0, mod_ssl/2.0.47, OpenSSL/0.9.7b
>
>
> If you havent done so already, the output from the openSSL client is posted
> below.
>
> You can try connecting to the repository also - it's just at
> https://highgate.net.nz/
The patch below should work around this with neon 0.24.2, thanks for
making the server available. (it would help if you could leave it
available too so I can work out whether the test suite is woefully
inadequate in not catching this, or just that your server config is
strange)
Index: src/ne_openssl.c
===================================================================
RCS file: /home/cvs/neon/src/ne_openssl.c,v
retrieving revision 1.28
diff -u -r1.28 ne_openssl.c
--- src/ne_openssl.c 14 Sep 2003 11:19:45 -0000 1.28
+++ src/ne_openssl.c 30 Sep 2003 16:13:49 -0000
@@ -507,6 +507,15 @@
sock = ne_sock_sslsock(sess->socket);
chain = SSL_get_peer_cert_chain(sock->ssl);
+ if (chain == NULL) {
+ X509 *c = SSL_get_peer_certificate(sock->ssl);
+
+ if (c) {
+ chain = sk_X509_new_null();
+ sk_X509_push(chain, c);
+ }
+ }
+
if (chain == NULL || sk_X509_num(chain) == 0) {
ne_set_error(sess, _("SSL server did not present certificate"));
return NE_ERROR;
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Sep 30 18:22:05 2003