4

I'm trying to access my own SVN server with the Cornerstone SVN client. I get the following error message:

Description : Unable to contact the repository at “https:/[email protected]:443” because an SSL session could not be established. Suggestion : This Mac was unable to present a valid certificate or the server's certificate was rejected as invalid.
Technical Information

 Error : V4SSLHandshakeFailureError \ Exception : ZSVNSSLHandshakeFailureException

Causal Information

Description : Unable to connect to a repository at URL 'https:/[email protected]/svn/robi' Status : 175002

Description : OPTIONS of 'https:/[email protected]/svn/robi': SSL handshake failed: SSL error code -1/1/336032856 (https:/bar.mooo.info) Status : 175002

I think I found the solution by googling and using the search function. Described on apache.org or on serverfault (SVN SSL negotiation failed).

This can happen when the hostname reported by the server does not the match hostname given in the SSL certificate. Make sure your server configuration uses correct values for ServerName and NameVirtualHost.

As embarrasing as it is, I can't implement it for two reasons.

A) I don't know where to edit the ServerName and NameVirtualHost (httpd.conf is not there in apache2 anymore)
B) I don't know which name I have to add there, the setup:
hostname: friedrich (in the internal network) DDNS name: bar.mooo.info (as entered in the SVN client)

OS: Debian GNU/Linux wheezy/sid (3.2.0-4-amd64)
Apache version: Server version: Apache/2.2.22 (Debian)

more /etc/apache2/sites-available/ssl.conf :

[...]

 <Location /svn> DAV svn SVNParentPath /srv/nas/hd0/svn # this line must be added if you want SSL enabled SSLRequireSSL </Location>

[...]

 SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Improve this question
11
  • I had to criple the links in the error description because i'm not allowed to post more than two :) Commented Feb 11, 2013 at 17:10
  • What OS is the SVN server running? What version of Apache? Commented Feb 11, 2013 at 17:34
  • OS: Debian GNU/Linux wheezy/sid (3.2.0-4-amd64) Apache version: Server version: Apache/2.2.22 (Debian) (also added to question) Commented Feb 11, 2013 at 18:10
  • 1
    @ZaSter, It's not the case. He has no right to add URLs. Read, please, the first comment. Commented Feb 11, 2013 at 20:36
  • 1
    @ZaSter It is a spam filter on ServerFault that rejects any URL from a user with very low reputation score. Commented Feb 11, 2013 at 21:36

1 Answer 1

Reset to default
3

Try to debug with:

echo -e "GET / HTTP/1.0\n\n"|openssl s_client -connect bar.mooo.info:443

If it is working, display the certificate with:

echo ""|openssl s_client -connect bar.mooo.info:443|openssl x509 -text -noout

Check that the Subject: contains CN=bar.mooo.info Check that the dates are correct and that the client time is in sync. Check that the certificate is trusted by your client:

  • Verify that the root certificate used to sign the host certificate is in the trust keystore
  • Verify that root certificate is valid and not expired.
Improve this answer
5
  • Fancy commands :D --> CN=friedrich. So I guess this is the problem Commented Feb 11, 2013 at 22:52
  • After a while, I know them by hart. :D And it was not my goal to remember them. Commented Feb 11, 2013 at 22:56
  • So do I have to generate a new self signed certificate or change the apache config? (or both) Commented Feb 11, 2013 at 23:21
  • Oke, added the FQDN (bar.mooo.info) as ServerName in /etc/apache2/sites-available/ssl.conf and it worked. Maybe you want to add it to your answer if anyone comes past this thread. Commented Feb 11, 2013 at 23:29
  • This depends on your particular apache setup. Took out of context it is not that useful, having that you did not post your entire apache configuration (Listen, NameVirtualHost, VirtualHost directives are missing in your configs you posted) Commented Feb 12, 2013 at 16:28

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.