Issue: After invoking SVN on the command line on a firewalled server, nothing visible happens for 15 seconds, then the program quits with the following error:
#Macintosh svn client windows
I have a problem when connecting Tortoise SVN to my SVN server. The first connect seems to run into a timeout (SVN hangs about 20 seconds) and the second (automatic) try works instantly. Every update, commit, log takes a looong time and drives everyone crazy. The same SVN action from a Linux commandline client works instantly. Access via web browser works also without any delay.

The SVN server runs CentOS 7, Apache 2.4.6 and mod_dav_svn 1.7.14. Authentication is done via LDAP on a Windows Server 2012 R2. The client (Windows 7 x64) runs Tortoise 1.7.15 (x64).

This is the relevant Apache configuration (obfuscated):

    # Reduce LDAP cache to 30 seconds
    AuthLDAPURL "ldap://dc.mydomain.local/OU=Group of Users,OU=MyOU,DC=MyDomain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "CN=ServiceUser,OU=Group of Users,OU=MyOU,DC=MyDomain,DC=local"
    AuthLDAPBindPassword "VERYSECRETPASSWORD"
    # Require ldap group via Microsoft rule "LDAP_MATCHING_RULE_IN_CHAIN"
    Require ldap-filter memberof:1.2.840.113556.:=CN=SVN-Group,OU=Group of DomainLocalGroups,OU=MyOU,DC=MyDomain,DC=local

The Apache log (ssl_error_log) starts like this when initiating SVN activity:

    AH01964: Connection to child 0 established (server :443)
    ssl_engine_kernel.c(1878): AH02043: SSL virtual host for servername found

Now SVN seems to hang (timestamp at second 14) - Apache would kill the connection a bit later when module reqtimeout is enabled (I disabled it in this scenario).

About 20 seconds later (timestamp at second 36), activity continues:

    ssl_engine_kernel.c(224): AH02034: Subsequent (No.2) HTTPS request received for child 0 (server :443)
    mod_authz_core.c(809): AH01626: authorization result of Require ldap-filter memberof:1.2.840.113556.:=CN=SVN-Group,OU=Group of DomainLocalGroups,OU=MyOU,DC=MyDomain,DC=local: denied (no authenticated user yet)
    mod_authz_core.c(809): AH01626: authorization result of : denied (no authenticated user yet)
    mod_authnz_ldap.c(501): AH01691: auth_ldap authenticate: using URL ldap://dc.mydomain.local/OU=Group of Users,OU=MyOU,DC=MyDomain,DC=local?sAMAccountName?sub?(objectClass=*)
    util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
    mod_authnz_ldap.c(593): AH01697: auth_ldap authenticate: accepting john.doe

The ssl_access_log and ssl_request_log start at second 36, nothing is logged from second 14.

For me, it looks like Tortoise SVN starts the connection either without credentials or not using https (?) which leads to a timeout. The second connection seems to be using https but with the wrong credentials and finally Tortoise connects using the right credentials and authentication succeeds.

Any ideas? What happens between second 14 and second 36 and how can I prevent it from happening? -)

Update: I found a solution (although I'm not really sure what the reason is):

Every time I start Tortoise SVN (or the Windows svn commandline client), I noticed activity on the firewall: the domain controller was trying to reach several servers, e.g. c. which seem to be VERISIGN servers to check the SSL certificate or to find new root certificates etc (?). This was blocked by the firewall so the DC took its time to go through its list of alternative servers.

We are using self-signed certificates, therefore my first try was to inject our CA certificate into Windows' certificate management via group policy. This worked (at least SVN did not complain about an unknown CA after deleting all auth information). Nevertheless, the 20-sec-delay is still there (and the DC is still trying to reach Verisign).

Eventually I tried the local SVN configuration option "ssl-authority-files" to statically pass the CA certificate et voilà: the delay is gone!

This leads to a 20 sec delay:

    svn list myrepo

And this does not:

    svn list --config-option servers:global:ssl-authority-files=C:\temp\mycertificate.crt myrepo

It's still a bit sad that this workaround needs configuration on every client, but at least it is a solution. I am not sure what Windows is doing when verifying the certificate, maybe it is checking for revocation or something and waiting for timeout (because it cannot reach Verisign and friends).