On 28.01.2014 13:53, Branko Čibej wrote: > I just got a private report from a user that has a setup with a > private certificate. This user happened to select the wrong > certificate for a server, and got the following response: > > svn: E120171: Unable to connect to a repository at URL > 'https://example.com/svn/foobar' > svn: E120171: Error running context: An error occurred during SSL > communication > > This the error code E120171 comes from Serf and apparently means > SERF_ERROR_AUTHN_FAILED. There's corroboration in the server log: > > [Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671 > error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a > certificate No CAs known to server for verification? > > The bug, as I see it, is that in this case, the command-line client > doesn't ask for different credentials. Shouldn't we be transforming > (or wrapping) SERF_ERROR_AUTHN_FAILED to SVN_ERR_RA_NOT_AUTHORIZED?
To follow up, apparently the command-line client never even asks for a client cert ... even when ~/.subverion/auth is completely removed. -- Brane -- Branko Čibej | Director of Subversion WANdisco // Non-Stop Data e. br...@wandisco.com
