Posted to users@subversion.apache.org by "Sven F." <sv...@gmail.com> on 2021/02/03 00:41:56 UTC

subversion on openbsd . is ssl-authority-files 1.14 broken ?

Hello.

Please cc: me, I am not on the list.

I was using subversion on OpenBSD 6.7 - 1.13.0
It was updated to follow the python 3 trends to 1.14 in OpenBSD 6.8
the ssl-authority-files looks completely broken,
both versions use serf-1.3.8

I can see the programme opening the file

 83408 svn      CALL  open(0x16e9ae68370,0<O_RDONLY>)
 83408 svn      NAMI  "/root/testsvn/ca.crt"

In subversion 1.13 it then does the subversion job, in 6.14
it fails and asks to manually check the certificate instead of using
the custom ca.

Sadly maintenance mode is silent

subversion-1.14.0p0-maintainer_mode

and it will just output when I cancel at the certificate prompt
(R)eject, accept (t)emporarily or accept (p)ermanently?
^Csubversion/svn/list-cmd.c:479,
subversion/libsvn_client/list.c:584,

I built svn, version 1.13.0 (r1867053) on OpenBSD 6.8
but the problem is still present
so it probably 'tracked' down the problem into the lib ssl interaction (serf?).

I now wonder why libressl refuses to validate the certificate because when
I call openssl verify it works (I checked the certificate in the ssl auth cache
with the ca)

Given serf was updated to 1.3.9/ on one side maybe it is the only issue

I have no idea how to contact the serf developer, or how to test serf
alone

Also I do not know where the tarballs of serf are

buckets/ssl_buckets.c:1160:9: warning: implicit declaration of
function 'OPENSSL_malloc_init'
      [-Wimplicit-function-declaration]
        OPENSSL_malloc_init();

fixed by using CRYPTO

I ignored:
buckets/bwtp_buckets.c:236:42: warning: format specifies type
'unsigned long long' but the
      argument has type 'apr_size_t' (aka 'unsigned long') [-Wformat]
                           ctx->channel, calc_header_size(ctx->headers),

but it's probably very problematic .. long long is not long...

using 1.3.9 did not solve the problem.

Please help.

-- 
Knowing is not enough; we must apply. Willing is not enough; we must do

Re: subversion on openbsd . is ssl-authority-files 1.14 broken ?

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Sven F. wrote on Wed, 03 Feb 2021 00:41 +00:00:
> so it probably 'tracked' down the problem into the lib ssl interaction (serf?).

libserf handles http/https.  Subversion doesn't use SSL libraries directly for http.

> I have no idea how to contact the serf developer, or how to test serf
> alone

https://serf.apache.org/

> I ignored:
> buckets/bwtp_buckets.c:236:42: warning: format specifies type
> 'unsigned long long' but the
>       argument has type 'apr_size_t' (aka 'unsigned long') [-Wformat]
>                            ctx->channel, calc_header_size(ctx->headers),
> 
> but it's probably very problematic .. long long is not long...

Just add the cast to unblock investigating the other issues?  There
aren't any range issues with casting UL to ULL.