[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn + apache + ssl

From: <Peter.VanEchaute_at_bench.com>
Date: 2004-12-22 19:43:01 CET

Hello All,
 
I hope your all having a good holiday season so far. I'm attempting to setup a SVN server. My machine is RHEL 3 using Apache 2.0.52, mod_ssl 2.0.52, OpenSSL 0.9.7a, DAV 2, and SVN 1.1.1. What I would like to accomplish is svn access through Apache and being authenticated using a single SSL x509 cert. I have a group of local accounts that are chroot jailed, so straight svn access isn't something I can do (ex: svn co svn://ip/svn/repo). So what I forsee is access through Apache which doesn't go through the local accounts (ex: svn co https://ip/svn/repo). I understand that during the checkout, that it stores user credentials. My problem is that I can 'co' just fine, but I can't edit and then commit. Here is the command I used to create the working copy...
 
svn co --username testaccount --password testaccount https://192.168.1.254/svn/design
 
I created an account called 'testaccount'. Here is the config portions that are relavent...
 
 
 
httpd.conf..
<Location /svn>
DAV svn
SVNParentPath /usr/local/subversion/repositories
 
# our access control policy
AuthzSVNAccessFile /usr/local/subversion/svn-auth-users-access
 
# try anonymous access first, resort to real
# authentication if necessary.
Require valid-user
 
SSLVerifyClient require
SSLVerifyDepth 2
 
# how to authenticate a user
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /usr/local/subversion/httpd-svn-auth-users-pw
</Location>
 
 
NOTE: The AuthUserFile directive above and the password-db are two different files but httpdxxx is htpasswd encrypted and the svn-authxxx is plain text. Both containing the same info though.
 
 
svnserve.conf...
[general]
password-db = /usr/local/subversion/svn-auth-users-pw
realm = Design Engineering
 
# anonymous users aren't allowed
anon-access = none
 
# authenticated users can both read and write
auth-access = write
 
 
 
the svnserver is run as svn...
svn 32481 0.0 0.0 4936 940 ? S Dec21 0:00 /usr/local/bin/svnserve.orig -d -T -r /usr/local/subversion/repositories
 
 
 
I created the repo as such...
svnadmin create /usr/local/subversion/repositories/design
chown -R svn:svn *
chmod 775 design
chmod -R g=u design
/usr/local/bin/htpasswd -m /usr/local/subversion/httpd-svn-auth-users-pw testaccount
 
 
 
cat /usr/local/subversion/svn-auth-users-access
[groups]
everyone = testaccount
testaccount-host = 192.168.1.23
 
[design:/]
@everyone = rw
 
[testaccount-host]
ssl-client-cert-file = /usr/local/conf/ssl.users/sslusers.p12
ssl-client-cert-password = blah
 
 
 
 
I have created three sets of SSL certs (CA, Server, Client)...
ls /usr/local/conf/ssl.key
ca.csr ca.key server.csr server.key sslusers.csr sslusers.key
 
ls /usr/local/conf/ssl.crt
ca.crt server.crt sslusers.crt
 
ls /usr/local/conf/ssl.users
sslusers.p12
 
 
 
I'm not sure what else to add here, but here is my problem...
 
svn co -username testaccount -password testaccount https://192.168.1.254/svn/design
svn commit -m "testing." --username testaccount --password testaccount
Authentication realm: https:// 192.168.1.254:443
Client certificate filename: /home/testaccount/sslusers.p12
Passphrase for '/home/testaccount/sslusers.p12':
Sending nforce4/Config.lb
Transmitting file data .svn: Commit failed (details follow):
svn: PUT of '/svn/design/!svn/wrk/93cedd7b-d8eb-0310-b2c4-90868bc6e483/freebios2/targets/nvidia/nforce4/Config.lb': 403 Forbidden (https:// 192.168.1.254)
 
 
 
Any help is greatly appreciated. Happy Holidays.
 
Cheers,
Pete
Received on Wed Dec 22 19:46:26 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.