[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Client Certificate Authentication/Authorization (Bad) Log Entries

From: <Steve.Craft_at_sungard.com>
Date: 2006-06-07 21:08:05 CEST

> From: Stefan Küng <tortoisesvn@gmail.com> [mailto:Stefan Küng

> Sent: Tuesday, May 23, 2006 2:41 PM

> To: Steve.Craft@sungard.com

> Subject: Re: Client Certificate Authentication/Authorization (Bad) Log



> Steve.Craft@sungard.com wrote:

> >

> >

> > It appears that I am getting the same kind of message when using svn

> > 'svn co'). I was using the latest Tortoise and svn 1.3.0, I'm

> > svn 1.3.1 now to see if it makes a difference - clients are Win32, so

> > OpenSSL support is baked in, right?


> Yes, OpenSSL is linked with svn as well as TortoiseSVN.

> If it still fails with svn 1.3.1, you have to report this on the

> Subversion mailing list (first try users@subversion.tigris.org, if you

> don't get far there, go to dev@subversion.tigris.org).

Apolgies for not getting back to this sooner. My issues were not with
Tortoise or Subversion per se:

     1. My Apache configuration needed some additional,

        explicit directives because of the server's location

        behind load-balanced routers and firewalls (I didn't know about

        the electronics between the server and clients until

        late in my troubleshooting).

     2. My client-side certificates needed additional information

        embedded in them to make the SSL handshake "cleaner".

The above are things that I never had to do with past Subversion+Tortoise
installations, but previous installations were always in a less
Byzantine/secure environment.

The error reporting on the server side led me to a lot of guessing and
trial-and-error. I think a lot more verbose reporting would have shown me
"what's what" a lot sooner, but as of now I'm not clear if the reporting
should have come from Apache or the Subversion-supplied .so (or the svn or
Tortoise client). My troubleshooting friend was OpenSSL itself; I used it
in "immediate mode" to speak directly to the server to understand what
was/not happening.

Thanks to all in the community for your help!

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jun 7 21:10:57 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.