zoukankan      html  css  js  c++  java

  • linux上svn连接visual svn server时ssl鉴权失败,问题解决(转)

    场景:1、在windows 7上安装了visual svn server作为自己的svn服务器。

        2、在虚拟机centos 6.3上使用svn客户端check代码,报错:

     

    [plain] view plaincopyprint?
     
    1. #svn checkout https://192.168.0.104:8443/svn/DblList  
    2. svn: OPTIONS of 'https://192.168.0.104:8443/svn/DblList': SSL handshake failed: SSL error: Key usage violation in certificate has been detected. (https://192.168.0.104:8443)  

     

    解决:在网上找到一篇文章,按照它介绍的方法操作,解决问题。明白了,这是因为virtual svn在生成鉴权数据的时候使用了一个插件,而这个插件是OpenSSL支持的,但GnuTls是不支持的。详细的内容大家仔细看吧。感谢这篇文章的原作者,及散播者。

     

    Symptoms

     

    Subversion clients receive the following error message when attempting to connect to VisualSVN Server:

    svn: OPTIONS of 'https://server.domain.local/svn/repo': SSL handshake failed: SSL error:
    Key usage violation in certificate has been detected. (https://server.domain.local)

    You may experience the issue if both of the following conditions are met:

    • VisualSVN Server has a self-signed certificate applied and
    • Subversion client is built against the GnuTLS library.
    Note
    NoteGnuTLS library is an alternative to OpenSSL. Most Subversion clients for Windows are built against OpenSSL and are not affected by this issue. While some Subversion packages (available mostly on Linux-based operating systems such as Ubuntu and Debian) are built against GnuTLS and are affected.

    Technical background

    During the initial setup VisualSVN Server 2.5 generates a self-signed certificate and adds it to the Trusted Root Certification Authorities store on the local machine. To avoid possible security issues, VisualSVN Server makes this self-signed certificate to be valid for server authentication only (by specifying the 'Key Usage' extension). Subversion clients built against GnuTLS don't recognize such certificate and the error occurs.

    Workaround

    It's not recommended to use a self-signed certificate in a production environment. We advise to use a certificate issued by your domain or a third-party certificate authority instead of a self-signed one.

    If you have to use a self-signed certificate please follow the instruction to generate a cerificate without specifying 'Key Usage' extension:

    1. Add the following registry value to the Windows registry:

      • for 32-bit system: 

        [HKEY_LOCAL_MACHINESOFTWAREVisualSVNVisualSVN Server] "CreateGnuTLSCompatibleCertificate"=dword:00000001

      • for 64-bit system:

        [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeVisualSVNVisualSVN Server] "CreateGnuTLSCompatibleCertificate"=dword:00000001
    2. Start VisualSVN Server Manager.
    3. Go to Action | Properties | Certificate.
    4. Click Change certificate... and follow the wizard instructions to generate a new self-signed certificate.

    The certificate will be generated without the 'Key Usage' extension and will be compatible both with GnuTLS and OpenSSL.

     

    http://blog.chinaunix.net/uid-24567872-id-3861366.html

    http://blog.csdn.net/xinshou_jiaoming/article/details/6956558

     

     
  • 相关阅读:
    vue 表格组件分享
    原创-整理了下常用的js数组 、对象、数字、字符串的操作方法
    h5 plus/h5+规范使用,模块索引,教你如何去看h5+的手册
    vue 右键菜单插件 简单、可扩展、样式自定义的右键菜单
    vuecli3 引入script 针对没有cmd amd require等方式的js
    vue新手入门指导,一篇让你学会vue技术栈,本人初学时候的文档
    node搭建本地服务器
    利用nodeJs anywhere搭建本地服务器环境
    vue封装组件的正确方式-封装类似elementui的组件
    微信小程序自定义模态框(字体图标)
  • 原文地址:https://www.cnblogs.com/softidea/p/4346197.html
Copyright © 2011-2022 走看看