[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Accessing SVN repository via Apache and SSL client certificate? Almost there, but something is missing.

From: Ralph Seichter <subversion-ml_at_sentries.org>
Date: 2005-05-06 17:00:46 CEST

Steve Greenland wrote:

> Virtual server listening on a different address? (I'm guessing
> that a name-based virtual server would fall prey to the same
> problem as the <Location> technique.)

The server in question has only one IP address, so IP-based virtual
servers are not an option. As a name-based virtual server, it can
only use different ports to distinguish between services.

The problem is that some HTTPS proxies do not allow the required
WebDAV methods if the Apache server hosting the SVN repository
listens on a non-standard port. To avoid fruitless discussions with
the proxy admins (they will not change anything), I'd like to run
both the SVN service and the SquirrelMail service on port 443.

I wonder if there is a way not to use <Location> as described in the
SVN book, but <Directory> instead? This could perhaps change the
timing of the server asking for client certificates. Something like
this:

  Alias /subversion /var/svn/repositories
  <Directory /var/svn/repositories>
    DAV svn
    SVNParentPath /var/svn/repositories
    AuthzSVNAccessFile /var/svn/access

    Satisfy Any
    AuthType Basic
    AuthName "Subversion repository tree"
    AuthUserFile /var/svn/users
    Require valid-user

    SSLRequireSSL
    SSLVerifyClient require
    SSLVerifyDepth 2
  </Directory>

This example configuration does not work, as I expected. I don't
think it can be done with "DAV svn", because we're talking about URL
locations and not about file system directories, but perhaps I'm
mistaken and it is actually possible? It is just a guess, though,
that it might do any good.

The alternative would be to look into the SVN client code to see if
it can be made to behave like Firefox or even IE 6 when it comes to
being asked for client certificates logically attached to <Location>
sections. Personally, I don't know enough about the SVN client.

-- 
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri May 6 17:03:25 2005

This is an archived mail posted to the Subversion Users mailing list.