[Bug 294648] Re: svn over https with client certificates broken (regression in intrepid)

Martin Lindhe 294648 at bugs.launchpad.net
Tue Feb 14 16:29:30 UTC 2012 

Re: myself

I actually fixed my problem. It turned out our dev server did not have a
ServerName in the apache hosts config. Setting this to the same name as
in the server CA, fixed the problem.

This error:

[Tue Feb 14 16:49:15 2012] [warn] RSA server certificate CommonName (CN)
`xxx.xxx' does NOT match server name!?

Seems to indicate the issue.

However, since i have had this "faulty" setup, this warning has been in
this server's error logs for years already and it didnt occur to meit
was the cause. Perhaps upgrade this from a warning to an "error", since
it now is actually an error.

[Sun Jul 24 06:52:13 2011] [warn] RSA server certificate CommonName (CN)
`xxx.xxx' does NOT match server name!?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subversion in Ubuntu.
https://bugs.launchpad.net/bugs/294648

Title:
  svn over https with client certificates broken (regression in
  intrepid)

Status in an HTTP and WebDAV client library:
  Fix Released
Status in Subversion:
  Fix Released
Status in “neon27” package in Ubuntu:
  Fix Released
Status in “subversion” package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: subversion

  After upgrading from hardy to intrepid, svn with https client
  certificates authentication stopped working, giving the following
  error:

  user at testhost:~$ svn info https://svn.example.org/svn/main/
  svn: OPTIONS of 'https://svn.example.org/svn/main': Could not read status line: SSL error: Rehandshake was requested by the peer. (https://svn.example.org)

  This is against an apache2 server with
  <Location /svn>
            SSLVerifyClient require
  ...

  If I set "SSLVerifyClient none" everything just works, hence the
  conclusion that this is related to client certificate verification. I
  have configured my svn client to use a pkcs#12 file.

  This may be related to http://bugs.debian.org/480041

  Version info:
  subversion 1.5.1dfsg1-1ubuntu2
  libneon27-gnutls 0.28.2-2build1

To manage notifications about this bug go to:
https://bugs.launchpad.net/neon/+bug/294648/+subscriptions

More information about the foundations-bugs mailing list