[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

some questions about setting up svn with Apache httpd

From: Christoph Anton Mitterer <cam_at_mathematica.scientia.net>
Date: 2005-05-10 20:28:30 CEST


I've got some questions and I hope someone can help me.

I've just set up my Apache 2 Server (using the default Debian packages).
First of all I'd like to have all transmissions between client an server
be encrypted and verified. So I musst use SSL. (And it would be best if
I could in some way forbid normal http mode for the svn server).

My first question: Is the communication already secure (e.g. agains man
in the middle attack) if I securely transmitt my servers SSL certificate
to all clients or is it required that the clients authenticate
themselves with an SSL certificate too (in order to get secured and
verified communication)?

2nd Question how do I properly set up my apache that it uses https and
ONLY https for svn (including such questions like how do I create my
Apaches SSL certificate)? Or is there some guide where you could give me
the URL to?

As far as I've understood,... if my svn server uses SSL the
communication should be secured (but perhas not fully - see first
question) but now I have to set up authentication method:
I think there are now to possible methods:
1) "Normal" Password/User Authentication => How would my config files
look if I'd like to do that?
2) Or each Client has its own Certificate => Again: How do I setup my
config that this (and only this) method would work.
2a) How do I create the clients certificates? And how does the server
knows that a certificate (from a cliend) is allowed to acces the
repository? I suppose I must use the servers certificate to sign the
clients certificate? If so how does this work =) ?
3) Are there others?

The Autz_svn_mod is only used to set finer access rules (e.g. to
directories), isn't it?

And last but not least: Is it still possible to make single repositorys
worldwide readable (even when i use all the Client/server/SSL
Certificates stuff I told before)?

Lots of thanks and greetings,
Christoph Anton Mitterer.

Received on Tue May 10 20:33:53 2005

This is an archived mail posted to the Subversion Users mailing list.