linux上svn连接visual svn server时ssl鉴权失败,问题解决 SSL handshake failed: SSL error: Key usage violation in ce
2015-07-04 19:02
1166 查看
场景:1、在windows 7上安装了visual svn server作为自己的svn服务器。
2、在虚拟机centos 6.3上使用svn客户端check代码,报错:
[plain] view
plaincopyprint?
#svn checkout https://192.168.0.104:8443/svn/DblList
svn: OPTIONS of 'https://192.168.0.104:8443/svn/DblList': SSL handshake failed: SSL error: Key usage violation in certificate has been detected. (https://192.168.0.104:8443)
解决:在网上找到一篇文章,按照它介绍的方法操作,解决问题。明白了,这是因为virtual svn在生成鉴权数据的时候使用了一个插件,而这个插件是OpenSSL支持的,但GnuTls是不支持的。详细的内容大家仔细看吧。感谢这篇文章的原作者,及散播者。
Subversion clients receive the following error message when attempting to connect to VisualSVN Server:
svn: OPTIONS of 'https://server.domain.local/svn/repo': SSL handshake failed: SSL error:
Key usage violation in certificate has been detected. (https://server.domain.local)
You may experience the issue if both of the following conditions are met:
VisualSVN Server has a self-signed certificate applied and
Subversion client is built against the GnuTLS library.
NoteGnuTLS library is an alternative to OpenSSL. Most Subversion clients
for Windows are built against OpenSSL and are not affected by this issue. While some Subversion packages (available mostly on Linux-based operating systems such as Ubuntu and Debian) are built against GnuTLS and are affected.
During the initial setup VisualSVN Server 2.5 generates a self-signed certificate and adds it to the Trusted Root Certification Authorities store on the local machine. To avoid possible security issues, VisualSVN Server makes this self-signed certificate to
be valid for server authentication only (by specifying the 'Key Usage' extension). Subversion clients built against GnuTLS don't recognize such certificate and the error occurs.
It's not recommended to use a self-signed certificate in a production environment. We advise to use a certificate issued by your domain or a third-party certificate authority instead of a self-signed one.
If you have to use a self-signed certificate please follow the instruction to generate a cerificate without specifying 'Key Usage' extension:
Add the following registry value to the Windows registry:
for 32-bit system:
for 64-bit system:
Start VisualSVN Server Manager.
Go to Action | Properties | Certificate.
Click Change certificate... and follow the wizard instructions to
generate a new self-signed certificate.
The certificate will be generated without the 'Key Usage' extension and will be compatible both with GnuTLS and OpenSSL.
2、在虚拟机centos 6.3上使用svn客户端check代码,报错:
[plain] view
plaincopyprint?
#svn checkout https://192.168.0.104:8443/svn/DblList
svn: OPTIONS of 'https://192.168.0.104:8443/svn/DblList': SSL handshake failed: SSL error: Key usage violation in certificate has been detected. (https://192.168.0.104:8443)
解决:在网上找到一篇文章,按照它介绍的方法操作,解决问题。明白了,这是因为virtual svn在生成鉴权数据的时候使用了一个插件,而这个插件是OpenSSL支持的,但GnuTls是不支持的。详细的内容大家仔细看吧。感谢这篇文章的原作者,及散播者。
Symptoms
Subversion clients receive the following error message when attempting to connect to VisualSVN Server:svn: OPTIONS of 'https://server.domain.local/svn/repo': SSL handshake failed: SSL error:
Key usage violation in certificate has been detected. (https://server.domain.local)
You may experience the issue if both of the following conditions are met:
VisualSVN Server has a self-signed certificate applied and
Subversion client is built against the GnuTLS library.
NoteGnuTLS library is an alternative to OpenSSL. Most Subversion clients
for Windows are built against OpenSSL and are not affected by this issue. While some Subversion packages (available mostly on Linux-based operating systems such as Ubuntu and Debian) are built against GnuTLS and are affected.
Technical background
During the initial setup VisualSVN Server 2.5 generates a self-signed certificate and adds it to the Trusted Root Certification Authorities store on the local machine. To avoid possible security issues, VisualSVN Server makes this self-signed certificate tobe valid for server authentication only (by specifying the 'Key Usage' extension). Subversion clients built against GnuTLS don't recognize such certificate and the error occurs.
Workaround
It's not recommended to use a self-signed certificate in a production environment. We advise to use a certificate issued by your domain or a third-party certificate authority instead of a self-signed one.If you have to use a self-signed certificate please follow the instruction to generate a cerificate without specifying 'Key Usage' extension:
Add the following registry value to the Windows registry:
for 32-bit system:
[HKEY_LOCAL_MACHINE\SOFTWARE\VisualSVN\VisualSVN Server] "CreateGnuTLSCompatibleCertificate"=dword:00000001
for 64-bit system:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VisualSVN\VisualSVN Server] "CreateGnuTLSCompatibleCertificate"=dword:00000001
Start VisualSVN Server Manager.
Go to Action | Properties | Certificate.
Click Change certificate... and follow the wizard instructions to
generate a new self-signed certificate.
The certificate will be generated without the 'Key Usage' extension and will be compatible both with GnuTLS and OpenSSL.
相关文章推荐
- innodb_io_capacity
- linux程序设计——进程和信号总结(第十一章)
- Linux内网环境DNS修改域名指向,JAVA应用程序能否实时切换的问题总结
- Linux 常用命令
- CentOs6.5中安装和配置vsftp简明教程
- Linux System Calls Hooking Method Summary
- Linux经典书籍推荐
- Linux文件系统简介
- 新手安装ubuntu问题解决(easyBCD没作用,分区,双显卡闪屏等)
- Linux NFS 介绍
- linux下google chrome浏览器字体修改
- linux终端绝佳配色方案
- Linux打开VMWare无法找到kernel header path的问题解决
- Linux常用命令征集
- Linux crontab定时执行任务 命令格式与详细例子
- linux冷知识之查看可执行文件依赖的动态库[待补充]
- centos 7 安装五笔输入法
- Linux查看硬件配置命令
- Linux OpenCV 静态链接错误
- Linux学习笔记(九)——Linux文件压缩与打包