Re: svn always fails with E120171, but only from some clients

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Fri, 24 Oct 2014 18:31:47 +0100

"Sean McBride" <sean_at_rogue-research.com> writes:

> On Fri, 24 Oct 2014 16:24:58 +0100, Philip Martin said:
>
>>Is apache using SSLVerifyClient to require the client to provide a
>>certificate?
>
> I'm not too familiar with apache, but I'm going to say "no", which I
> conclude from this:
>
> $ cd /Library/Server/Web/
> $ grep -R -i SSLVerifyClient *
>
> which finds nothing.
>
> Is that a setting I should want set to something in particular?

No. It would be used if you wanted to force clients to provide a cert.

>>The 1.8 client defaults to not prompting for a client cert
>>if no cert is configured and that will cause the error you report. See:
>>
>>http://subversion.apache.org/docs/release-notes/1.8.html#client-cert-
>>prompt-suppression
>
> I edited ~/.subversion/config and uncommented
> "ssl-client-cert-file-prompt" and set it to "yes". Still got E120171.

Debugging SSL errors can be very hard. Is there anything in the server
error log?

> I see you are @wandisco. Do your svn binaries have a built-in
> statically linked version of OpenSSL or do they use the OS's version?

I don't know. I suspect they use the system library and it will show up
using

ldd /usr/bin/svn

or whatever the OSX equivalent is, otool perhaps.

-- 
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*

Received on 2014-10-24 19:32:18 CEST

This message: [ Message body ]
Next message: Philip Martin: "Re: [MacPorts] #45496: Subversion with JavaHL crashes on Yosemite"
Previous message: Les Mikesell: "Re: restricting certain users to read a particular folders in the Repo"
In reply to: Sean McBride: "Re: svn always fails with E120171, but only from some clients"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]