Posted to users@subversion.apache.org by Greg Troxel <gd...@ir.bbn.com> on 2009/08/11 18:35:51 UTC
Re: parse tlsext bug
[moved to users@ because this doesn't feel like an svn bug]
> I think I've found a bug in Subversion. I'm not quite sure whether this is
> actually a bug in Subversion or in Apache HTTPd but since the error
> "manifests" itself in Subversion I'll try it here first.
> The error reads like this:
> SSL negotiation failed: SSL error: parse tlsext
I am getting this too, tending to get it on larger operations and only
on some hosts.
My setup is
server: netbsd/amd64 5.0. apache 2.2.12, svn 1.6.4, authz
client: netbsd/i386 5.0 svn 1.6.4
with
client: linux/i386 2.6.28 svn 1.6.1
I don't have the problem.
With 2.2.11 plus security patches (specifically, pkgsrc www/apache22
version 2.2.11nb6), the large diff that failed now works.
I already have SSLSessionCache disabled.
Has anyone tried 2.2.13? The release notes don't indicate a fix for this.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2382623
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: AW: parse tlsext bug
Posted by Slim Farza <sf...@gmail.com>.
Is there any update on this issue?
Thank you.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2406279
AW: parse tlsext bug
Posted by Sebastian Krysmanski <se...@krysmanski.de>.
Since I'm the only one interested in this issue (at least it seems that way) and nobody else seems to care (neither here nor in the IRC channel) I'm "closing" this issue by removing myself from this mailing list. Hopefully a lot of other people will encounter this problem in the future so that it'll be noticed by the developers. But until then it seems as if I've no choice but to stick with Apache 2.2.11.
Sebastian
-----Original Message-----
From: Sebastian Krysmanski [mailto:sebastian@krysmanski.de]
Sent: Wednesday, 2 September 2009 07:14
To: users@subversion.tigris.org
Subject: AW: parse tlsext bug
Hmm, I think it's the other way around. I think the error only occurs when
OpenSSL is compiled with tlsext enabled and doesn't occur when tlsext is
disabled as on my system tlsext is enabled. However, I can't disable tlsext
on my OpenSSL installation as it's shipped with my Distro (Ubuntu 9.04) and
required by basic applications. (I fear I could break the system when I try
to replace the OpenSSL installation.) Moreover I think (but I'm not sure)
that this only affects the svn client but not the svn server (i.e. Apache's
mod_ssl).
I've also tried the configuration directive you provided but it didn't work.
The problem still remains.
Sebastian
-----Original Message-----
From: George Stein [mailto:svn.4.george_stein@spamgourmet.com]
Sent: Tuesday, 1 September 2009 14:10
To: users@subversion.tigris.org
Subject: RE: parse tlsext bug
Sebastian,
I had a similar problem in Win32.
It might be caused when OpenSSL was built without enabling TLS extensions
[1,2].
As a workaround I set in httpd.conf [3,4]:
SSLProtocol -ALL +SSLv2 +SSLv3
George
[1] http://code.google.com/p/support/issues/detail?id=1395
[2] http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
[3] http://www.svnforum.org/2017/viewtopic.php?t=8466
[4] http://www.modssl.org/docs/2.8/ssl_reference.html#ToC8
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2389739
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2390046
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2393204
AW: parse tlsext bug
Posted by Sebastian Krysmanski <se...@krysmanski.de>.
Hmm, I think it's the other way around. I think the error only occurs when
OpenSSL is compiled with tlsext enabled and doesn't occur when tlsext is
disabled as on my system tlsext is enabled. However, I can't disable tlsext
on my OpenSSL installation as it's shipped with my Distro (Ubuntu 9.04) and
required by basic applications. (I fear I could break the system when I try
to replace the OpenSSL installation.) Moreover I think (but I'm not sure)
that this only affects the svn client but not the svn server (i.e. Apache's
mod_ssl).
I've also tried the configuration directive you provided but it didn't work.
The problem still remains.
Sebastian
-----Original Message-----
From: George Stein [mailto:svn.4.george_stein@spamgourmet.com]
Sent: Tuesday, 1 September 2009 14:10
To: users@subversion.tigris.org
Subject: RE: parse tlsext bug
Sebastian,
I had a similar problem in Win32.
It might be caused when OpenSSL was built without enabling TLS extensions
[1,2].
As a workaround I set in httpd.conf [3,4]:
SSLProtocol -ALL +SSLv2 +SSLv3
George
[1] http://code.google.com/p/support/issues/detail?id=1395
[2] http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
[3] http://www.svnforum.org/2017/viewtopic.php?t=8466
[4] http://www.modssl.org/docs/2.8/ssl_reference.html#ToC8
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2389739
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2390046
RE: parse tlsext bug
Posted by George Stein <sv...@spamgourmet.com>.
Sebastian,
I had a similar problem in Win32.
It might be caused when OpenSSL was built without enabling TLS extensions [1,2].
As a workaround I set in httpd.conf [3,4]:
SSLProtocol -ALL +SSLv2 +SSLv3
George
[1] http://code.google.com/p/support/issues/detail?id=1395
[2] http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
[3] http://www.svnforum.org/2017/viewtopic.php?t=8466
[4] http://www.modssl.org/docs/2.8/ssl_reference.html#ToC8
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2389739
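What the workaround directive in the post above leaves enabled, as an added example that is not part of the original thread: a small Python audit that evaluates `SSLProtocol` arguments left to right (`+` adds, `-` removes, a bare name replaces) and reports lines that drop TLSv1 or keep SSLv2/SSLv3. The function names, the 2.2-era meaning of `all`, the evaluation model and the sample config are assumptions of this example.

```python
import re

# Protocols behind "all" in the Apache 2.2-era mod_ssl discussed in this thread
# (assumption of this example; later releases define "all" differently).
ALL_22 = frozenset({"SSLv2", "SSLv3", "TLSv1"})
LEGACY = frozenset({"SSLv2", "SSLv3"})
_CANON = {p.lower(): p for p in ALL_22}
_DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right (assumed model):
    '+X' adds X, '-X' removes X, a bare token replaces the set so far."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()  # protocol names are case-insensitive
        if name == "all":
            chosen = set(ALL_22)
        elif name in _CANON:
            chosen = {_CANON[name]}
        else:
            raise ValueError("unknown protocol token: %r" % token)
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen
    return enabled

def audit(conf_text):
    """Return (line_no, enabled, tls_disabled, legacy_enabled) per SSLProtocol line.
    Commented-out directives do not match the pattern and are skipped."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = _DIRECTIVE.match(line)
        if m:
            enabled = effective_protocols(m.group(1))
            findings.append((no, sorted(enabled), "TLSv1" not in enabled,
                             sorted(enabled & LEGACY)))
    return findings

# Constructed sample: the workaround line from the thread and a TLS-only line.
SAMPLE = """\
# vhost A (workaround quoted in the thread)
SSLProtocol -ALL +SSLv2 +SSLv3
# vhost B
SSLProtocol all -SSLv2 -SSLv3
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
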
AW: parse tlsext bug
Posted by Sebastian Krysmanski <se...@krysmanski.de>.
I've just tried it using apache 2.2.13 with svn 1.6.4. No luck here. The
problem still exists. It would be nice if a Subversion developer would look
into that problem (even though it doesn't seem to be a Subversion problem;
but in this case we would at least know where to start looking for the
problem).
Regards
Sebastian
-----Original Message-----
From: Greg Troxel [mailto:gdt@ir.bbn.com]
Sent: Tuesday, 11 August 2009 20:36
To: Sebastian Krysmanski
Cc: users@subversion.tigris.org
Subject: Re: parse tlsext bug
[moved to users@ because this doesn't feel like an svn bug]
> I think I've found a bug in Subversion. I'm not quite sure whether this is
> actually a bug in Subversion or in Apache HTTPd but since the error
> "manifests" itself in Subversion I'll try it here first.
> The error reads like this:
> SSL negotiation failed: SSL error: parse tlsext
I am getting this too, tending to get it on larger operations and only
on some hosts.
My setup is
server: netbsd/amd64 5.0. apache 2.2.12, svn 1.6.4, authz
client: netbsd/i386 5.0 svn 1.6.4
with
client: linux/i386 2.6.28 svn 1.6.1
I don't have the problem.
With 2.2.11 plus security patches (specifically, pkgsrc www/apache22
version 2.2.11nb6), the large diff that failed now works.
I already have SSLSessionCache disabled.
Has anyone tried 2.2.13? The release notes don't indicate a fix for this.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2385134