我只是尝试通过https进行SVN服务器的SSLauthentication。 我希望客户证书允许授权人员检查他们的存储库。
<VirtualHost 37.187.96.147:443> ServerName toto.com:443 DocumentRoot /var/www/html/ SSLEngine on SSLProtocol all SSLCipherSuite HIGH:MEDIUM SSLStrictSNIVHostCheck on SSLCertificateFile /etc/ssl/certificate-authority/certs/svn-webserver.crt SSLCertificateKeyFile /etc/ssl/certificate-authority/private/svn-webserver.key ErrorLog /var/log/httpd/svn-error_log CustomLog logs/svn-access "%t %u %{SVN-ACTION}e" env=SVN-ACTION SSLCACertificateFile /etc/ssl/certificate-authority/certs/ca.crt SSLVerifyDepth 5 SSLVerifyClient require SSLVerifyDepth 1 LogLevel debug <Location /svn/> DAV svn SSLOptions +FakeBasicAuth +StrictRequire SSLRequireSSL AuthName "Depot SVN namek" AuthType Basic AuthBasicProvider file AuthUserFile /var/svn/.fakehttpsauth Require valid-user SVNParentPath /var/svn/ SVNListParentPath on AuthzSVNAccessFile /var/svn/authz </Location> </VirtualHost> 但是这不是真正有用的,因为我的svn有这种types的用户名
/C=xx/ST=xx/L=xx/CN=MyUser
我怎样才能使用SSLUserName apache指令来创build一个只有客户端证书(MyUser)的SSL_CLIENT_S_DN_CN的fakeauth
我得到的2.2.15版本的Apache,所以我不能使用AuthBasicFake指令:/
如果有人能够帮助我,这可能是伟大的)。
感谢所有
在.fakehttpsauth你需要把这样的条目:
/C=US/ST=CA/O=Doe Inc/CN=John Doe/[email protected]:xxj31ZMTZzkVA
这里是一个脚本来创build您的证书这样的条目:
#!/bin/bash # export the certificates in fake auth format # see http://serverfault.com/questions/533639/apache-authentication-with-ssl-certificate-and-sslusername # WF 2016-01-06 fakepass=`openssl passwd -crypt -salt xx password` for c in *.crt do openssl x509 -in $c -text | grep Subject: | gawk -v fakepass=$fakepass ' BEGIN { FS="," } { gsub("Subject: ","",$0) for (i=1;i<=NF;i++) { f=trim($i) printf("/%s",f); } printf(":%s\n",fakepass); } # see https://gist.github.com/andrewrcollins/1592991 function ltrim(s) { sub(/^[ \t\r\n]+/, "", s); return s } function rtrim(s) { sub(/[ \t\r\n]+$/, "", s); return s } function trim(s) { return rtrim(ltrim(s)); } ' done