Did you configure apache to REQUIRE a client cert, or did you set the
client cert to optional?

I think there was an issue I ran into with optional client certificates.
If you set it to optional on the server as a whole, but then required
for a specific URL, the initial connection is made without a client
certificate, and then the server requests a client certificate when it
gets the PROPFIND request, and I think that the svn client can't handle
the request for a client certificate after the initial handshake.

This issue probably should be entered as a bug in the issue tracker, if
it isn't there already.

Ralph Seichter wrote:
> I'm having a hard time configuring SSL client certificate access
> with Subversion 1.1.4 and Apache 2.0.54. I created a certificate
> with OpenSSL, converted it to PKCS 12 and imported it into Mozilla.
>
> Using the browser, I can successfully access the SVN repositories
> with the client certificate present, so I am quite sure that I have
> set up Apache correctly. However, I can't seem to tell the SVN
> client how to use the certificate file. I have added the following
> to my 'servers' configuration:
>
> ssl-authority-files = /home/user/ca.pem
> ssl-client-cert-file = /home/user/cert.p12
> ssl-client-cert-password = secret
>
> According to the SVN Book section "SSL Certificate Management"
> this should be about all which is required on the client side, but
> SVN keeps complaining:
>
> svn: PROPFIND of '/foobar': Could not read status line: SSL
> error: sslv3 alert unexpected message (https://server.tld)
>
> This is accompanied by the Apache error message
>
> Re-negotiation handshake failed: Not accepted by client!?
>
> which usually indicates that the client does not have a certificate
> available. If I have missed a FAQ or HOWTO, please kindly point me
> to it. Your help is appreciated!
Received on Thu May 5 18:44:46 2005
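
The two mod_ssl layouts the reply contrasts, as an added example that is not part of the original thread or anyone's actual configuration. The host name and `/foobar` come from the quoted error message; all file paths and the `SVNPath` value are assumed placeholders.

```apache
# Layout A (the one described in the reply): optional for the whole server,
# required for one URL. The first TLS handshake completes without a client
# certificate. When the PROPFIND for /foobar arrives, the per-location
# SSLVerifyClient forces mod_ssl to renegotiate in order to request one.
<VirtualHost *:443>
    ServerName server.tld
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt   # assumed path
    SSLCertificateKeyFile /etc/apache2/ssl/server.key   # assumed path
    SSLCACertificateFile  /etc/apache2/ssl/ca.pem       # CA that signed the client certs
    SSLVerifyClient optional
    SSLVerifyDepth  1

    <Location /foobar>
        DAV svn
        SVNPath /var/svn/foobar                         # assumed path
        SSLVerifyClient require                         # triggers the renegotiation
    </Location>
</VirtualHost>

# Layout B (use instead of A, not alongside it): require the certificate at
# virtual-host level. The server asks for it during the initial handshake, so
# no renegotiation is needed once the request has been read.
<VirtualHost *:443>
    ServerName server.tld
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    SSLCACertificateFile  /etc/apache2/ssl/ca.pem
    SSLVerifyClient require
    SSLVerifyDepth  1

    <Location /foobar>
        DAV svn
        SVNPath /var/svn/foobar
    </Location>
</VirtualHost>
```

With layout B every connection to the virtual host must present a certificate, so content that should stay reachable without one needs its own virtual host.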