
Re: Problem with SVN on Apache using SSLRequire

From: David Rosenstrauch <darose_at_darose.net>
Date: Thu, 19 Nov 2009 12:15:19 -0500

On 11/19/2009 11:59 AM, Pat Farrell wrote:
> David Rosenstrauch wrote:
>> Hmmm ... didn't hear back any responses on this. Is there anyone out
>> there with experience running SVN on Apache that might have some idea
>> what's happening here? I'm really rather stumped!
>>
>> I can't understand why this Apache configuration performs the
>> authorization perfectly when the client is a web browser, but fails when
>> the client is SVN.
>
> That is a bit strange. But are you sure it's working?
> I've never seen Apache support two hosts on SSL using the usual virtual
> host mapping. I've heard that SSL happens before Apache gets to look at
> the host stuff,

Over http it's definitely doing the expected behavior:

1) deny http:

[darose_at_daroselin xfce4]$ w3m -dump http://${thesvnbox}/${thesubdir}/svn/${thereponame}
Forbidden

You don't have permission to access /<our repo> on this server.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Apache/2.2.3 (CentOS) Server at <our server ip> Port 80

2) deny https: on 443

[darose_at_daroselin xfce4]$ w3m -dump https://${thesvnbox}/${thesubdir}/svn/${thereponame}
Bad cert ident mysql-prod from <our server ip>: accept? (y/n)y
Accept unsecure SSL session:Bad cert ident mysql-prod from <our server ip>
Forbidden

You don't have permission to access /<our repo> on this server.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Apache/2.2.3 (CentOS) Server at <our server ip> Port 443

3) allow https: on 81

[darose_at_daroselin xfce4]$ w3m -dump https://${thesvnbox}:81/${thesubdir}/svn/${thereponame}
Bad cert ident mysql-prod from <our server ip>: accept? (y/n)y
Accept unsecure SSL session:Bad cert ident mysql-prod from <our server ip>
Username for Subversion: david
Password:
Accept unsecure SSL session:Bad cert ident mysql-prod from <our server ip>
Accept unsecure SSL session:Bad cert ident mysql-prod from <our server ip>
Revision 1413: /

   • admin/
   • custom/
   • db/
   • httpd/
   • portal/
   • testing/
   • utils/
   • website/

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Powered by Subversion version 1.4.2 (r22196).

Hmmmm .... could the "invalid certificate" be causing the issue here?
The certificate is considered invalid because a) it's self-signed, and b)
the hostname on it doesn't match the URL we're using to access the
repository (we're using IP address). Might SVN be barfing on the bad
cert? If so, is there any way to configure things on the server side to
ignore this? (Since it's a self-signed cert, and an internal system,
*we* know that it's valid.)

Thanks,

DR

Received on 2009-11-19 18:15:43 CET

This is an archived mail posted to the Subversion Users mailing list.
