Authentication with client certification failed

100 views
Skip to first unread message

s-tkt

unread,
Mar 24, 2024, 4:19:40 AM3/24/24
to TortoiseSVN
*Client environment
Windows Server 2022 Datacenter 21H2 20348.2113
TortoiseSVN 1.14.6, Build 29673 - 64 Bit , 2023/12/25 19:33:34

*Server environment
nginx version: nginx/1.24.0  OpenSSL 3.0.8 7 Feb 2023
AWS Amazon Linux 2023

*What occurred
Case 1. After install of client certification into Windows certification store, and svn checkout with TortoiseSVN, it failed. The first figure is that prompt. The next figure is trace by Wireshark. Obviously it failed to establish TLS session. After SERVER HELO, immediately client send FIN.
Case 2. Settings certification (.p12) file path at servers file, did svn checkout, but it failed as same result as case 1.
Case 3. After deleting stored certification, did svn checkout. This successfully finished. No problem.

*Consideration
That client certification works very well except for TortoiseSVN, including many web browser, curl, git, svn CLI client. So I am convinced the certification is correct. For I must use this certification when I use web browser, I have to install into Windows certification store.

The same behavior is occurring on other environments, like Windows11, Windows10..

Do you have any good idea to conquer this trouble?
SVN-wireshark-fixed.png
SVN-cert-registerd-fixed.png

Stefan

unread,
Mar 24, 2024, 4:56:57 AM3/24/24
to TortoiseSVN
which svn client did you use for testing?

Try setting creating the registry DWORD value:
HKCU\Software\TortoiseSVN\OpenSSLCapi
to 0

after that, try again with TSVN.

Shinichi Takata

unread,
Mar 24, 2024, 11:56:13 AM3/24/24
to TortoiseSVN on behalf of Stefan
Hello, Stefan

I used for testing:
> TortoiseSVN 1.14.6, Build 29673 - 64 Bit , 2023/12/25 19:33:34
I didn't take care of SVN server because any requests did not reach SVN server.

After making registry key, the results are:
Case 1: TortoiseSVN show prompt and ask path of client certification, then request finished successfully.
Case 2: request finished successfully without prompt to ask path of client certification.
Case 3: same as previous result, request completed successfully.

The problem is solved entirely. I take setting of case 2.
Thank you so much for your advice. I am relieved to be able to continue using TortoiseSVN.

2024年3月24日(日) 17:56 Stefan via TortoiseSVN <torto...@googlegroups.com>:
--
You received this message because you are subscribed to the Google Groups "TortoiseSVN" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tortoisesvn...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn/8f2a0833-cbab-4fa7-964e-0fef47ef556en%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages