[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Accessing SVN repository via Apache and SSL client certificate? Almost there, but something is missing.

From: Ralph Seichter <subversion-ml_at_sentries.org>
Date: 2005-05-05 16:19:59 CEST

Hello,

I'm having a hard time configuring SSL client certificate access
with Subversion 1.1.4 and Apache 2.0.54. I created a certificate
with OpenSSL, converted it to PKCS 12 and imported it into Mozilla
Firefox.

Using the browser, I can successfully access the SVN repositories
with the client certificate present, so I am quite sure that I have
set up Apache correctly. However, I can't seem to tell the SVN
client how to use the certificate file. I have addedd the following
to my 'servers' configuration:

  [global]
  ssl-authority-files = /home/user/ca.pem
  ssl-client-cert-file = /home/user/cert.p12
  ssl-client-cert-password = secret

According to the SVN Book section "SSL Certificate Management"
<http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.3.2>
this should be about all which is required on the client side, but
SVN keeps complaining:

  svn: PROPFIND of '/foobar': Could not read status line: SSL
  error: sslv3 alert unexpected message (https://server.tld)

This is accompanied by the Apache error message

  Re-negotiation handshake failed: Not accepted by client!?

which usually indicates that the client does not have a certificate
available. If I have missed a FAQ or HOWTO, please kindly point me
to it. Your help is appreciated!

-- 
Mit freundlichen GrŘ▀en / Sincerely
Dipl. Inform. Ralph Seichter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 5 16:21:58 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.