You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "Sven F." <sv...@gmail.com> on 2021/02/03 00:41:56 UTC
subversion on openbsd . is ssl-authority-files 1.14 broken ?
Hello.
Please cc: me i am not on the list.
I was using subversion on openBSD 6.7 - 1.13.0
It was updated to follow the python 3 trends to 1.14 in openBSD 6.8
the ssl-authority-files looks completely broken ,
both version use serf-1.3.8
I can see the programme opening the file
83408 svn CALL open(0x16e9ae68370,0<O_RDONLY>)
83408 svn NAMI "/root/testsvn/ca.crt"
In subversion 1.13 it then does the subversion job, in 6.14
it fails and asks to manually check the certificate instead of using
the custom ca.
Sadly maintenance mode is silent
subversion-1.14.0p0-maintainer_mode
and it will just output when i cancel at the certificat prompt
(R)eject, accept (t)emporarily or accept (p)ermanently?
^Csubversion/svn/list-cmd.c:479,
subversion/libsvn_client/list.c:584,
I build svn, version 1.13.0 (r1867053) on openbsd 6.8
but the problem is still present
so it probably 'tracked' down the problem into the lib ssl interraction (serf?).
I now wonder why libressl refuse to validate the certificate because when
i call openssl verify it works ( i checked the certificate in the ssl auth cache
with the ca )
Given serf was updated to 1.3.9/ on one side maybe it is the only issue
I have no idea how to contact the serf developper, or how to test serv
alone
Also I do not know where are the tarball of serf
buckets/ssl_buckets.c:1160:9: warning: implicit declaration of
function 'OPENSSL_malloc_init'
[-Wimplicit-function-declaration]
OPENSSL_malloc_init();
fixed by using CRYPTO
i ignored :
buckets/bwtp_buckets.c:236:42: warning: format specifies type
'unsigned long long' but the
argument has type 'apr_size_t' (aka 'unsigned long') [-Wformat]
ctx->channel, calc_header_size(ctx->headers),
but it's probably very problematic .. long long is not long...
using 1.3.9 did not solve the problem.
Please help.
--
--
---------------------------------------------------------------------------------------------------------------------
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: subversion on openbsd . is ssl-authority-files 1.14 broken ?
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Sven F. wrote on Wed, 03 Feb 2021 00:41 +00:00:
> so it probably 'tracked' down the problem into the lib ssl interraction (serf?).
libserf handles http/https. Subversion doesn't use SSL libraries directly for http.
> I have no idea how to contact the serf developper, or how to test serv
> alone
https://serf.apache.org/
> i ignored :
> buckets/bwtp_buckets.c:236:42: warning: format specifies type
> 'unsigned long long' but the
> argument has type 'apr_size_t' (aka 'unsigned long') [-Wformat]
> ctx->channel, calc_header_size(ctx->headers),
>
> but it's probably very problematic .. long long is not long...
Just add the cast to unblock investigating the other issues? There
aren't any range issues with casting UL to ULL.