[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Accessing SVN repository via Apache and SSL client certificate? Almost there, but something is missing.

From: Steve Greenland <steveg_at_lsli.com>
Date: 2005-05-06 17:21:23 CEST

On Fri, May 06, 2005 at 05:00:46PM +0200, Ralph Seichter wrote:
> Steve Greenland wrote:
>
> > Virtual server listening on a different address? (I'm guessing
> > that a name-based virtual server would fall prey to the same
> > problem as the <Location> technique.)
>
> The server in question has only one IP address,

So add an alias IP. Now, if the problem is that you don't have an extra
external IP for the firewall, you may be SOL.

> I wonder if there is a way not to use <Location> as described in the
> SVN book, but <Directory> instead? This could perhaps change the
> timing of the server asking for client certificates.

Probably not, as <Location> processing happens before <Directory> processing.

The basic problem is that (initial) establishment of the SSL connection
happens *before* the server actually sees the requestion. The only thing
to go on is IP address and port. This is why you can't run different
certificates on different name-based virtual servers. Unless/until the
SVN client supports re-negotiating the connection, I think you're stuck.

Steve

-- 
"Outlook not so good." That magic 8-ball knows everything! I'll ask
about Exchange Server next.
                           -- (Stolen from the net)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri May 6 17:24:52 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.