Issue with SSL client certificates on Windows 7 64bit

1,049 views
Skip to first unread message

Edmund Craske

unread,
Dec 22, 2011, 11:15:06 AM12/22/11
to us...@tortoisesvn.tigris.org

Hi,

I’m having an issue setting up TortoiseSVN to use a client certificate to connect to an https repository. I am able to get the Cygwin CLI version of svn to connect simply by adding the following to the relevant group in the servers configuration file:

ssl-client-cert-file=/home/craske01/.subversion/craske01-cert.pfx

ssl-authority-files=/home/craske01/.subversion/ca.pem

 

Doing the same for TortoiseSVN only works if the same certificate is also added to the Windows certificate store. The moment I delete that certificate from the Windows store, it is no longer able to connect.

 

I’m not sure if I have somehow managed to accidentally configure something that causes this behaviour, and have not yet had the time to set it up again from scratch on another machine to make sure. I have already tried deleting the auth directory.

 

If it is somehow related, I am going via an http proxy as there is no direct connectivity to the repository. However, the same proxy settings do work fine for the Cygwin CLI version of svn.

 

I have also tried configuring it both with and without a password in the servers file, to no effect. Any ideas?

 

Regards,

Edmund Craske

 

 

http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.

Stefan Küng

unread,
Dec 22, 2011, 3:30:33 PM12/22/11
to us...@tortoisesvn.tigris.org
On 22.12.2011 17:15, Edmund Craske wrote:
> Hi,
>
> I’m having an issue setting up TortoiseSVN to use a client certificate
> to connect to an https repository. I am able to get the Cygwin CLI
> version of svn to connect simply by adding the following to the relevant
> group in the servers configuration file:
>
> ssl-client-cert-file=/home/craske01/.subversion/craske01-cert.pfx
>
> ssl-authority-files=/home/craske01/.subversion/ca.pem
>
> Doing the same for TortoiseSVN only works if the same certificate is
> also added to the Windows certificate store. The moment I delete that
> certificate from the Windows store, it is no longer able to connect.
>
> I’m not sure if I have somehow managed to accidentally configure
> something that causes this behaviour, and have not yet had the time to
> set it up again from scratch on another machine to make sure. I have
> already tried deleting the auth directory.
>
> If it is somehow related, I am going via an http proxy as there is no
> direct connectivity to the repository. However, the same proxy settings
> do work fine for the Cygwin CLI version of svn.
>
> I have also tried configuring it both with and without a password in the
> servers file, to no effect. Any ideas?

* what version of TSVN are you using?
* why is adding the cert to the windows cert store a problem? You said
that works, so why don't you just do that?
* SVN on Windows uses the windows cert store (Cygwin does not)
* using the cygwin svn client on Windows is _not_ recommended - just
search this mailing list archive to find out why

Stefan

--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest Interface to (Sub)Version Control
/_/ \_\ http://tortoisesvn.net

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2899196

To unsubscribe from this discussion, e-mail: [users-un...@tortoisesvn.tigris.org].

Edmund Craske

unread,
Dec 23, 2011, 9:18:55 AM12/23/11
to us...@tortoisesvn.tigris.org
Hi Stefan,

> * what version of TSVN are you using?

I'm currently using TortoiseSVN 1.7.3, Build 22386 - 64 Bit , 2011/12/16 15:01:39 but I was seeing the issue with 1.7.2 also.

> * why is adding the cert to the windows cert store a problem? You said
> that works, so why don't you just do that?

There is no way to password protect a certificate in the Windows cert store, and my department recommend not storing developer certificates there.

> * SVN on Windows uses the windows cert store (Cygwin does not)

I couldn't find anything in the documentation that actually states this - also it doesn't seem to exclusively use the Windows cert store - if I haven't also provided a copy of the cert and private key in a file and linked it in the servers configuration file, it doesn't seem to work - it seems to need both for some reason?

> * using the cygwin svn client on Windows is _not_ recommended - just
> search this mailing list archive to find out why

I searched the mailing list and only found reference to it being a bad idea to share working copies between Cygwin and TortoiseSVN - I have no intention of doing that! I was merely checking that my environment and certificate do work correctly using a different svn client, which they do - so the problem lies within TortoiseSVN.

Regards,
Edmund

http://www.bbc.co.uk/


This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2899368

Reply all
Reply to author
Forward
0 new messages