[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Does https / SSL with mod_authz_svn & Basic Authentication work?

From: Edward Bosco <ebosco_at_prologic-inc.com>
Date: 2006-05-11 00:05:37 CEST

Thanks, Garrett - It does as you say - I had, I believe, version errors;
rough procedure to cure below.

-----Original Message-----
From: rooneg@gmail.com [mailto:rooneg@gmail.com] On Behalf Of Garrett
Sent: Wednesday, May 10, 2006 2:13 PM
To: Edward Bosco
Cc: users@subversion.tigris.org
Subject: Re: Does https / SSL with mod_authz_svn & Basic Authentication

On 5/10/06, Edward Bosco <ebosco@prologic-inc.com> wrote:
> Garrett -
> I've implemented directory and file access control authorization under
> http, with the standard subversion tools under Apache 2.0 and SVN
> via paths and users defined in an AuthzSVNAccessFile.
> Basic authentication with users and passwords is defined via htpasswd
> and a users' file.
> I've not yet been able to do that using SSL encryption and the https
> protocol.
> Is this possible under https? I'll get a challenge on initially
> the website, but no further challenges as I traverse the protected SVN
> directory tree.

There shouldn't be any reason you can't make that work over https. In
fact there should be several examples of similar things in the docs.



Appreciate the reply, Garrett.

Got it working this afternoon under Windows and Win32. I was able to
demonstrate per-file and per-directory Access Control via a
AuthzSVNAccessFile list under both http and https websites.

The key change was to use all the latest versions of Apache2 - 2.0.58,
Openssl_0.9.8b and SVN 1.3.1.

I got errors on startup with Apache 2.0.55 and openssl_0.9.7a on adding
the Subversion 1.3.1 Apache modules. The errors were expressed as
"..corrupted modules" at Apache startup time. I could get both http and
https operation with Apache, but no subversion support.

The method was installing a regular non-SSL version of Apache 2.0.58 on
the Windows XP Pro machine. I verified it could webserve, stopped
Apache, and then added https / SSL support. The site
http://hunter.campbus.com/ has an Apache zip file with SSL support
compiled in.


The zip file is unzipped in a separate directory, and the binaries and
libs are overlaid on the original Apache 2.0.58. The httpd.conf and
ssl.conf files had minor changes required. I then verified good http and
https operation, and then added in the subversion Apache modules, and
the /svn directory.

A good HowTo can be found at Raible's Wiki: ApacheSSL


I'm going to update my Debian Testing server in a similar fashion - I
still have 2.0.55 Apache running, with 1.3.1-2 subversion. I'm hoping
that will provide ACL for the Debian side as well.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 11 00:09:51 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.