I faced the same problem once. I chose to have sshd listen on port 443
as well as 22, so that I could use a firewall-acceptable port to connect
to ssh. I then tunneled the server's port 3690 (svnserve) to my
workstation and used svn://localhost.
Yeah, it's a hack. By the time I get to the AAARGH!!! stage, I start
hacking things together. ;)
Chris Rose wrote:
> Well, this has been an odyssey.
>
> I'm running a debian-based distro for my svn server, with apache 2
> with mod_ssl installed (And working, at least somewhat)
>
> mod_dav_svn works as well, as does mod_authz_svn, as far as I am able to tell.
>
> I am able to browse my repository just fine at
> http://host.domain/repo/personal/ and also at
> https://host.domain/repo/personal, using a web browser. However, when
> I try to connect using the command line client:
>
> svn co http://host.domain/repo/personal/project1 .
>
> I get three consecutive requests for a client key:
>
> Authentication realm: https://host.domain:443
> Client certificate filename: ...
>
> This happens twice (six requests) in a checkout, or once in an update
> (three requests) and then the update/checkout/other operation proceeds
> apparently as normal.
>
> I have, I thought, created valid and working CA certificates from the
> instructions at
> http://svn.red-bean.com/viewcvs/main/3bits/servercert_3bits.txt?rev=127
>
> These are loaded in the virtual server definition for Apache using the lines
> SSLCACertificatePath /etc/apache2/svn/private
> SSLCACertificateFile /etc/apache2/svn/private/ca.crt
> SSLCertificateFile /etc/apache2/svn/private/server.crt
> SSLCertificateKeyFile /etc/apache2/svn/private/server.key
>
> I then created a server.pem file for my client with the instructions here:
> http://www.pseudonym.org/ssl/ssl_apache.html
>
> And converted it to a pem certificate with the instructions on the
> red-bean site.
>
> However, this does not seem to work.
>
> Can someone help me out here? I don't *need* ssl working, but I'm
> leery of doing all my development from school without it, and I can
> only guarantee that port 80 will work for me, not anything else, so
> svn+ssh isn't an option. As a consequence, I'd like to get mod_ssl to
> do what I want it to.
>
> Is there a step-by-step "Create a CA, a server cert, and any number of
> client certs" instruction set for making this work? I'm more than
> willing to provide domain name specifics and apache2 configuration
> info (A lot of oddly organized include files) to anyone who is willing
> to help me out.
----------
Scanned for viruses by ClamAV
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 29 08:28:11 2004