Hi, Von: Bert Huijben [mailto:b...@qqmail.nl] > From: Thomas Åkesson [mailto:tho...@akesson.cc] > > >> [Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671 > > >> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did > > >> not return > > >> a certificate No CAs known to server for verification? > > >> > > >> > > >> The bug, as I see it, is that in this case, the command-line client > > >> doesn't ask for different credentials. Shouldn't we be transforming > > >> (or wrapping) SERF_ERROR_AUTHN_FAILED to SVN_ERR_RA_NOT_AUTHORIZED? > > > > > > The command line client doesn't ask for a client certificate, it > > > should be defined correctly in the servers file using: > > > ssl-client-cert-file > > > ssl-client-cert-password > > > > Sorry, I am late to this party. Just got confused by this statement > > that command line client does not ask. > > > > svn info https://secure.example.com > > Autentiseringsregion (realm): https://secure.example.com:443 Filnamn > > för klientcertifikat: > > > > This happened to become Swedish but the last line asks for a filename > > of client cert. This was 1.7.7 that I had on an old test machine. > > > > Attempting this on 1.8 gives an SSL error as this thread has already stated. > > There was a behavior change in 1.8, where the default was changed to *not > ask* until it is enabled in the config. > > See http://subversion.apache.org/docs/release-notes/1.8.html#client-cert- > prompt-suppression > > I think the reasoning was that there are servers that allow a client > certificate, but don't require one. In case you would have to use such a > server but don't have a certificate you would get the question over and over > again.
A better fix for this would be to save in the auth cache that the login without certificate was successful, so the user won't be asked again until the next failure. Best regards Markus Schaber CODESYS® a trademark of 3S-Smart Software Solutions GmbH Inspiring Automation Solutions 3S-Smart Software Solutions GmbH Dipl.-Inf. Markus Schaber | Product Development Core Technology Memminger Str. 151 | 87439 Kempten | Germany Tel. +49-831-54031-979 | Fax +49-831-54031-50 E-Mail: m.scha...@codesys.com | Web: http://www.codesys.com | CODESYS store: http://store.codesys.com CODESYS forum: http://forum.codesys.com Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade register: Kempten HRB 6186 | Tax ID No.: DE 167014915
