[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Accessing SVN repository via Apache and SSL client certificate? Almost there, but something is missing.

From: Phillip Susi <psusi_at_cfl.rr.com>
Date: 2005-05-06 00:03:29 CEST

I believe when you have the SSLVerifyClient require directive inside the
<Location> node, apache does not ask for a client certificate during the
initial handshake. Only when you ask for a URL within that <Location>
does it ask for a client certificate, and svn doesn't seem to handle that.

Try moving the SSLVerifyClient directive to where you have the SSLEngine
On and SSLCertificateXXX directives, which in my case is in the virtual
host node.

This of course has the side effect of requiring ALL clients that connect
to the server to supply a valid certificate.

Ralph Seichter wrote:
> Here is the current configuration which I use for testing:
> <Location /subversion>
> DAV svn
> SVNParentPath /var/svn/repositories
> AuthzSVNAccessFile /var/svn/access
> Satisfy Any
> AuthType Basic
> AuthName "Subversion repository tree"
> AuthUserFile /var/svn/users
> Require valid-user
> SSLRequireSSL
> SSLVerifyClient require
> SSLVerifyDepth 2
> </Location>
> This setup requires both a client certificate and a user/password
> pair. It works as expected with Firefox when accessing URLs like
> <https://server.tld/subversion/project123/>, but not with the SVN
> client. Does the configuration look reasonable to you?

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri May 6 00:04:46 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.