
client certificate troubles

From: Fredrik Svensson XF (LD/EMP) <fredrik.xf.svensson_at_ericsson.com>
Date: 2004-05-24 20:38:08 CEST


I'm trying to set up a Subversion server over httpd. I'm using the packages from David Summers
on a Red Hat 9 machine.

I'm using Subversion over https, which works, but the svn command line exits with:

        svn: PROPFIND request failed on '/svn'
        svn: PROPFIND of '/svn': Could not read status line: SSL error: sslv3 alert unexpected message (https://lotta.xxxx.net)

sometime after the server certificate has been accepted.
It works with a browser and a client certificate.

I think that the Subversion server configuration is erroneous, but I do not
know what to look for...

The SSL configuration is the stock configuration for a Red Hat 9 Apache server.

subversion conf file:
I have tried with and without the LimitExcept clause.
I can do a list of the repos if I comment out the "SSLVerifyClient"
directive, but then I get no client authentication or authorization!

Kind Regards
Fredrik Svensson

LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
   DAV svn
   SVNPath /svnroot/lotta

   # Limit write permission to list of valid users.
   AuthzSVNAccessFile /var/www/lotta/svn_auth

   SSLVerifyClient require
   SSLVerifyDepth 5
   SSLCACertificateFile conf/ssl.crt/server.crt
   SSLCACertificatePath conf/ssl.crt
   SSLOptions +FakeBasicAuth
   AuthName "Lotta Project realm"
   AuthType Basic
   AuthUserFile /var/www/lotta/password
   require valid-user
</Location>

neon-debug-mask = 511

[qsvefre_at_localhost qsvefre]$ svn list https://lotta.xxx.net/svn
Creating request...
Running request create hooks.
ah_create, for WWW-Authenticate
Request created.
Doing DNS lookup on lotta.xxx.net...
Running pre_send hooks
Not handling session.
Sending request headers:
Host: lotta.xxx.net
User-Agent: SVN/1.0.3 (r9775) neon/0.24.6
Connection: TE, Keep-Alive
TE: trailers
Content-Length: 300
Content-Type: text/xml
Depth: 0

Sending request-line and headers:
Connecting to
Doing SSL negotiation.
Chain depth: 1
Match lotta.xxx.net on ...
Identity match: bad
Cert #0:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=SE, ST=NA, L=LUND, O=Ericsson, OU=CPO, CN=lotta.xxx.net/emailAddress=fredrik.svensson.xf@ericsson.se
            Not Before: May 24 10:17:03 2004 GMT
            Not After : May 22 10:17:03 2014 GMT
        Subject: C=SE, ST=NA, L=LUND, O=Ericsson, OU=CPO, CN=lotta.xxx.net/emailAddress=fredrik.svensson.xf@ericsson.se
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
            X509v3 Authority Key Identifier:

            X509v3 Basic Constraints:
    Signature Algorithm: md5WithRSAEncryption
Match lotta.xxx.net on lotta.xxx.net...
Identity match: good
Verify result: 18 = self signed certificate
Error validating server certificate for 'https://lotta.xxx.net:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: lotta.xxx.net
 - Valid: from May 24 10:17:03 2004 GMT until May 22 10:17:03 2014 GMT
 - Issuer: CPO, Ericsson, LUND, NA, SE
 - Fingerprint: 5e:79:41:19:d2:dd:9e:7b:a5:f5:43:c8:3b:1d:02:71:34:a0:a8:25
(R)eject, accept (t)emporarily or accept (p)ermanently? t
Sending request body...
Body block (300 bytes):
[<?xml version="1.0" encoding="utf-8"?><propfind xmlns="DAV:"><prop><version-controlled-configuration xmlns="DAV:"/><resourcetype xmlns="DAV:"/><baseline-relative-path xmlns="http://subversion.tigris.org/xmlns/dav/"/><repository-uuid xmlns="http://subversion.tigris.org/xmlns/dav/"/></prop></propfind>]
Request body sent: okay.
Request sent; retry is 0.
Aborted request (-1): Could not read status line
Closing connection.
Connection closed.
Running destroy hooks.
Request ends.
svn: PROPFIND request failed on '/svn'
svn: PROPFIND of '/svn': Could not read status line: SSL error: sslv3 alert unexpected message (https://lotta.xxx.net)
ne_session_destroy called.
ne_session_destroy called.
[qsvefre@localhost qsvefre]$

Received on Mon May 24 20:39:04 2004

This is an archived mail posted to the Subversion Users mailing list.
