现在的位置: 首页 > 程序设计> 正文
Ubuntu SVN客户端连接windows VisualSVN SSL证书问题
2013年08月30日 程序设计 暂无评论 ⁄ 被围观 3,560+

问题

英文:svn: OPTIONS of 'https://server.domain.local/svn/repo': SSL handshake failed: SSL error:
Key usage violation in certificate has been detected. (https://server.domain.local)

中文:SSL handshake failed: SSL 错误:在证书中检测到违规的密钥用法。

解决方案

Symptoms

Subversion clients receive the following error message when attempting to connect to VisualSVN Server:

svn: OPTIONS of 'https://server.domain.local/svn/repo': SSL handshake failed: SSL error:
Key usage violation in certificate has been detected. (https://server.domain.local)

You may experience the issue if both of the following conditions are met:

  • VisualSVN Server has a self-signed certificate applied and
  • Subversion client is built against the GnuTLS library.
Note
NoteGnuTLS library is an alternative to OpenSSL. Most Subversion clients for Windows are built against OpenSSL and are not affected by this issue. While some Subversion packages (available mostly on Linux-based operating systems such as Ubuntu and Debian) are built against GnuTLS and are affected.

Technical background

During the initial setup VisualSVN Server 2.5 generates a self-signed certificate and adds it to the Trusted Root Certification Authorities store on the local machine. To avoid possible security issues, VisualSVN Server makes this self-signed certificate to be valid for server authentication only (by specifying the 'Key Usage' extension). Subversion clients built against GnuTLS don't recognize such certificate and the error occurs.

Workaround

It's not recommended to use a self-signed certificate in a production environment. We advise to use a certificate issued by your domain or a third-party certificate authority instead of a self-signed one.

If you have to use a self-signed certificate please follow the instruction to generate a cerificate without specifying 'Key Usage' extension:

  1. Add the following registry value to the Windows registry(修改注册表,添加一条dword类型的键值):
    • for 32-bit system: 
      [HKEY_LOCAL_MACHINE\SOFTWARE\VisualSVN\VisualSVN Server]
"CreateGnuTLSCompatibleCertificate"=dword:00000001
    • for 64-bit system: 
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VisualSVN\VisualSVN Server]
"CreateGnuTLSCompatibleCertificate"=dword:00000001
  2. Start VisualSVN Server Manager.
  3. Go to Action | Properties | Certificate.
  4. Click Change certificate...(重新生成新证书) and follow the wizard instructions to generate a new self-signed certificate.

The certificate will be generated without the 'Key Usage' extension and will be compatible both with GnuTLS and OpenSSL.

参考资料

1. http://www.visualsvn.com/support/topic/00056/

返回

作者:

该日志由 润物无声 于11年前发表在程序设计分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
转载请注明: Ubuntu SVN客户端连接windows VisualSVN SSL证书问题 | 润物无声 +复制链接
关键字: ,
【上篇】
【下篇】

您可能还会对这些文章感兴趣!

  1. Ubuntu 制作一键安装盘(四)
  2. Ubuntu 制作一键安装盘(三)
  3. Ubuntu 制作一键安装盘(二)
  4. Ubuntu 制作一键安装盘(一)
  5. 体验物联网
  6. Ubuntu升级源备忘
  7. 巧用DOS脚本删除工程的SVN信息
  8. Ubuntu 10.10 Manual 手册
jQuery Mobile 教程
WordPress 优化手记
Heroku 上的 Scala 程序设计
XML-RPC 之 Android实现(上)

给我留言

留言无头像?


插入图片

返回首页

Copyright © 2011-2014 润物无声  保留所有权利.   基于 WordPress 技术创建   Theme by Robin   Modify by Carey   辽ICP备2021004474号
×
新浪微博
腾讯微博