This is a re-post from my MySpace blog.
After a couple of days of trying, I finally figured out how to use stunnel with Subversion. Then, after I managed to figure it out, I decided I would check the mailing lists and the bug tracker. Someone had already managed to do the same thing. I, however, found that the proposed solution made more noise than was needed. The openssl s_client on my FreeBSD 6.1 machine still outputs noise about the certificates. After trying openssl, I tried ucspi-ssl and couldn’t get it to work; I finally ended up using sst (and netcat). For those on FreeBSD, sst can be found in ports/security/sst.
Here are the configuration settings that I used. (3691 is reserved by IANA for use by “Magaya something”; I forget because I don’t run it.)
- stunnel.conf

    [svns]
    accept = 3691
    connect = 3690

- ~/.subversion/config in the [tunnels] section

  You can either override the ssh = entry or create another scheme, as I did (accessed via svn+ssl://).

    [tunnels]
    ssl = /path/to/home/bin/svnssl

- svnssl (new file, remember to chmod to 700 or 755)

  - with openssl

    #!/bin/sh
    # $1 is the host name that svn passes to the tunnel command
    /path/to/openssl s_client -quiet -port 3691 -host "$1"

  - with sst (needs netcat as well)

    NOTE: the timeout option (-t) must be set, otherwise sst will keep the connection alive forever; 30 seconds should be more than enough.

    #!/bin/sh
    # $1 is the host name that svn passes to the tunnel command
    /path/to/sst -p 3691 -t 30 -- nc "$1" 3691
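An added example (not the author's script): a variant of the openssl svnssl wrapper that validates the host argument and makes s_client verify the server certificate, which s_client does not enforce by default. The CA bundle path, the SVNSSL_CAFILE and SVNSSL_OPENSSL variables, and OpenSSL 1.1.0 or later are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of the svnssl wrapper (not the author's script).
PORT=3691                                      # stunnel accept port used on this page
CAFILE="${SVNSSL_CAFILE:-/path/to/ca.pem}"     # placeholder path, hypothetical variable
OPENSSL="${SVNSSL_OPENSSL:-/path/to/openssl}"  # hypothetical override of the binary

# valid_host NAME: accept only characters that are legal in a DNS host name.
# Rejects empty strings, a leading "-" (would be parsed as an option),
# user@host forms, IPv6 literals and shell metacharacters.
valid_host() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# main HOST [svnserve -t]: svn passes the host first; the remaining
# arguments are ignored because stunnel already forwards to svnserve.
main() {
    if ! valid_host "$1"; then
        echo "svnssl: refusing host argument" >&2
        return 2
    fi
    if [ ! -r "$CAFILE" ]; then
        echo "svnssl: CA file not readable: $CAFILE" >&2
        return 2
    fi
    # -verify_return_error aborts the handshake on a bad chain and
    # -verify_hostname checks the certificate against the host name
    # (assumes OpenSSL 1.1.0 or later).
    exec "$OPENSSL" s_client -quiet -connect "$1:$PORT" \
        -CAfile "$CAFILE" -verify_return_error -verify_hostname "$1"
}

# Do nothing when run without arguments.
[ "$#" -eq 0 ] || main "$@"
```

An IP address passes the syntax check but fails -verify_hostname, so the wrapper fails closed unless the URL uses the name in the server certificate.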