[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Problem with SVN on Apache using SSLRequire

From: David Rosenstrauch <darose_at_darose.net>
Date: Thu, 19 Nov 2009 13:36:05 -0500

On 11/19/2009 12:20 PM, Pat Farrell wrote:
> David Rosenstrauch wrote:
>> Hmmmm .... could the "invalid certficate" be causing the issue here?
>> The certficate is considered invalid because a) it's self-signed, and b)
>> the hostname on it doesn't match the URL we're using to access the
>> repository (we're using IP address). Might SVN be barfing on the bad
>> cert? If so, is there any way to configure things on the cerver side to
>> ignore this? (Since it's a self-signed cert, and an internal system,
>> *we* know that it's valid.)
>
> Yes, I've seen this on other stuff.
> SVN will whine if the cert doesn't match the website name, but you can
> tell SVN to accept it.
>
> Being self signed is not a big deal, it causes one whine message at
> first, but you can say "accept this permenantly" and all is good.
>
> I'm not sure that using IP addresses works. Since its internal, setup a
> DNS record to resolve it.
>
> This stuff is very picky, and its been a while since I chased it down,
> so I don't guarentee that my memory is right. But I think you are in the
> right area now.

On second thought, though, the cert can't be the issue. When I take out
the SSLRequire clause, everything works perfectly using https over
either the standard port 443 or port 81. It's only when I add the
"SSLRequire %{SERVER_PORT} == 81" directive that things break.

Really then the only possibilities here are either a) I wrote the
SSLRequire directive wrong, or b) there's some other weirdness happening
here that I'm not aware of.

DR

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2420143

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-11-19 19:36:52 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.