[svk-users] RA/PROPFIND request failed while creating a mirror (strange new developments)

outre99 outre99 at gmail.com
Sun Jul 27 10:39:11 EDT 2008


Thanks for the pointer Mark.

I tried to curl the same address (see below) and lo and behold it came back
with 301, which you logically suggested was Apache's fault.  So I gave
Apache a serious looking over but there's nothing I could find.  No
redirects, no mod_rewrite rules, nothing to suggest that any redirection
should take place.
Here are some very strange facts:
1.  There is no mention of 301 http response in the vh log even though it is
set on "debug" level.
2.  I can access the same repository through the browser and through
Subversive without any problems.  Although TourtoiseSVN comes back with "301
Moved Permanently response".

So it seems that either Apache is going through a dual personality disorder
or the same http response is interpreted differently by different client
agents (browser, curl, subversive, tourtoiseSVN).  Either way I'm out of my
depth here.  

Has anyone experience something like this? 

Can it have something to do with the fact that my SSL certificate is
homemade and not issued by a recognized authority? just grasping at straws
here.





**************************
curl command and response from my home linux box to the server:

[kiril at KDevBox ~]$ curl -k -I -u xxxxxx:yyyyyy
https://repo.beartechsolutions.com/svk_test
HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Jul 2008 14:37:12 GMT
Server: Apache/2.2.3 (CentOS)
Location: https://repo.beartechsolutions.com/svk_test/
Content-Type: text/html; charset=iso-8859-1
[kiril at KDevBox ~]$



*************************
last lines from the error log.  everything else has to do with ssl
processing.  log level is set to debug.  there's no mention of 301 status
anywhere.

[Sun Jul 27 20:56:56 2008] [debug] ssl_engine_kernel.c(1765): OpenSSL: Read:
SSL negotiation finished successfully
[Sun Jul 27 20:56:56 2008] [debug] ssl_engine_kernel.c(1770): OpenSSL:
Write: SSL negotiation finished successfully
[Sun Jul 27 20:56:56 2008] [info] [client 124.120.224.228] Connection closed
to child 0 with standard shutdown (server repo.beartechsolutions.com:443)



**************************
The applicable extract from the httpd.conf file:

NameVirtualHost 203.151.233.136:80
NameVirtualHost 203.151.233.136:443

...

<VirtualHost repo.beartechsolutions.com:443>
ServerName repo.beartechsolutions.com

# Turn on SSL access
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert.pem
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/key.pem

# Directory / is needed here to enforce SSL for the entire vhost,
# including global aliases. This prevents accidental access to
# global aliases without SSL.
<Directory />
Options FollowSymLinks
SSLRequireSSL On
</Directory> 

DocumentRoot /reporoot
<Location />
  DAV svn
  SVNParentPath /reporoot
  AuthType Basic
  AuthName "SVN Repos"
  AuthUserFile /etc/svn-auth-file
  Require valid-user
  SVNPathAuthz off
</Location>

  <Files ~ "\.(cgi|shtml|php)$">
      SSLOptions +StdEnvVars
  </Files>

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

CustomLog /reporoot/logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION
ErrorLog /reporoot/logs/repo_error.log
LogLevel debug
</VirtualHost>




------------------------------
Original Message

Message: 3
Date: Sat, 26 Jul 2008 15:46:37 -0700
From: Mark Lundquist <lundquist.mark at gmail.com>
Subject: Re: [svk-users] RA/PROPFIND request failed while creating a
	mirror
To: A list for users of the distributed version control system svk
	<svk-users at lists.bestpractical.com>
Message-ID: <F155A85A-4F45-4AED-8598-D4E753D893FA at gmail.com>
Content-Type: text/plain; charset="windows-1252"


On Jul 26, 2008, at 6:39 AM, outre99 wrote:

> [kiril at KDevBox ~]$ svk mirror //mirror https://repo.ourdomain.com/svk_test
> Error validating server certificate for 'https://repo.ourdomain.com:443' 
> :
>  - The certificate is not issued by a trusted authority. Use the
>    fingerprint to validate the certificate manually!
> Certificate information:
>  - Hostname: repo.ourdomain.com
>  - Valid: from Jul 15 04:59:37 2008 GMT until Jul 15 04:59:37 2009 GMT
>  - Issuer: Web Server, Bear Tech Solutions, Bangkok, Bangkok, TH
>  - Fingerprint: 86:90:f6:3f:9a:97:22:1e:f2:e2:57:b5:51:e4:a9:ff: 
> 10:05:d5:d8
> (R)eject, accept (t)emporarily or accept (p)ermanently? p
> Authentication realm: <https://repo.ourdomain.com:443> SVN Repos
> Password for 'kiril':
> RA layer request failed: PROPFIND request failed on '/svk_test':  
> PROPFIND of '/svk_test': 301 Moved Permanently (https://repo.ourdomain.com

> )
> [kiril at KDevBox ~]$

Okay, so the Subversion layer is reporting that it got an HTTP  
redirect on https://repo.ourdomain.com/svk_test.  That would indeed  
foul it up.

Why don't you try aiming a browser (or 'curl -k -I') at that URI
(https://repo.ourdomain.com/svk_test 
) and seeing if indeed you get the redirect?  If you do, then you can  
work on getting your remote HTTP server configuration straightened  
out, then come back and try again w/ SVK after you get that sorted  
out...

cheers,
?ml?





More information about the svk-users mailing list