[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Configuring mod_ssl for subverion. (AAARGH!!!)

From: Kevin Williams <kevin_at_bantamtech.com>
Date: 2004-12-29 08:25:46 CET

I faced the same problem once. I chose to have sshd listen on port 443
as well as 22, so that I could use a firewall-acceptable port to connect
to ssh. I then tunneled the server's port 3690 (svnserve) to my
workstation and used svn://localhost.

Yeah, it's a hack. By the time I get to the AAARGH!!! stage, I start
hacking things together. ;)

Chris Rose wrote:
> Well, this has been an odyssey.
> I'm running a debian-based distro for my svn server, with apache 2
> with mod_ssl installed (And working, at least somewhat)
> mod_dav_svn works as well, as does mod_authz_svn, as far as I am able to tell.
> I am able to browse my repository just fine at
> http://host.domain/repo/personal/ and also at
> https://host.domain/repo/personal, using a web browser. However, when
> I try to connect using the command line client:
> svn co http://host.domain/repo/personal/project1 .
> I get three consecutive requests for a client key:
> Authentication realm: https://host.domain:443
> Client certificate filename: ...
> This happens twice (six requests) in a checkout, or once in an update
> (three requests) and then the update/checkout/other operation proceeds
> apparently as normal.
> I have, I thought, created valid and working CA certificates from the
> instructions at
> http://svn.red-bean.com/viewcvs/main/3bits/servercert_3bits.txt?rev=127
> These are loaded in the virtual server definition for Apache using the lines
> SSLCACertificatePath /etc/apache2/svn/private
> SSLCACertificateFile /etc/apache2/svn/private/ca.crt
> SSLCertificateFile /etc/apache2/svn/private/server.crt
> SSLCertificateKeyFile /etc/apache2/svn/private/server.key
> I then created a server.pem file for my client with the instructions here:
> http://www.pseudonym.org/ssl/ssl_apache.html
> And converted it to a pem certificate with the instructions on the
> red-bean site.
> However, this does not seem to work.
> Can someone help me out here? I don't *need* ssl working, but I'm
> leery of doing all my development from school without it, and I can
> only guarantee that port 80 will work for me, not anything else, so
> svn+ssh isn't an option. As a consequence, I'd like to get mod_ssl to
> do what I want it to.
> Is there a step-by-step "Create a CA, a server cert, and any number of
> client certs" instruction set for making this work? I'm more than
> willing to provide domain name specifics and apache2 configuration
> info (A lot of oddly organized include files) to anyone who is willing
> to help me out.

Scanned for viruses by ClamAV

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 29 08:28:11 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.