libneon27-gnutls: latest upgrades broke svn https auth

Joe Orton joe at manyfish.co.uk
Fri Oct 17 04:22:13 EDT 2008


On Thu, Oct 16, 2008 at 04:10:29PM +0200, Yves-Alexis Perez wrote:
...
> [status-line] < HTTP/1.1 401 Authorization Required
> [hdr] Date: Thu, 16 Oct 2008 13:56:07 GMT
> Header Name: [date], Value: [Thu, 16 Oct 2008 13:56:07 GMT]
> [hdr] Server: Apache
> Header Name: [server], Value: [Apache]
> [hdr] WWW-Authenticate: Digest realm="Subversion at gutenberg", nonce="FRrgNV9ZBAA=624c95147ca7595edf74afc01d90934d51efa2f5", algorithm=MD5, domain="svnserver.tld/wsvn/ wsvn/", qop="auth"
> Header Name: [www-authenticate], Value: [Digest 
> realm="Subversion at gutenberg", 
> nonce="FRrgNV9ZBAA=624c95147ca7595edf74afc01d90934d51efa2f5", 
> algorithm=MD5, domain="svnserver.tld/wsvn/ wsvn/", qop="auth"]

The problem is the domain parameter which the server is sending; it's 
invalid and excludes the /svn repository which you're trying to use, so 
neon refuses to use Digest auth for that path.  "svnserver.tld/wsvn/" 
does not mean what you might expect, either, it would resolve to a URI 
of e.g http://blah/svnserver.tld/wsvn/, not http://svnserver.tld/wsvn/

(The domain parameter is controlled by the AuthDigestDomain directive in 
the server config)

I might have to change neon to ignore the domain parameter in the case 
where it excludes the current request-URI, since that seems to be 
clearly a config error.

Regards, Joe




More information about the neon mailing list