You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Graham Leggett <mi...@sharp.fm> on 2005/01/24 07:33:53 UTC
Certificate problems hang subversion
Hi all,
The certificate on the ASF repo recently expired, resulting in the
following message:
Error validating server certificate for 'https://svn.apache.org:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
- The certificate has expired.
Certificate information:
- Hostname: svn.apache.org
- Valid: from Jan 25 00:59:50 2004 GMT until Jan 24 00:59:50 2005 GMT
- Issuer: Infrastructure, Apache Software Foundation, Forrest Hill,
Maryland, US
- Fingerprint: 7c:84:1f:93:73:86:2d:fe:f1:6d:ab:47:67:18:e4:43:41:ac:8d:09
(R)eject, accept (t)emporarily or accept (p)ermanently? p
Accepting the cert either temporarily or permanently results in the same
thing - the svn client hangs.
I am using v1.1.1 - is this problem fixed in v1.1.3?
Regards,
Graham
--
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Certificate problems hang subversion
Posted by Graham Leggett <mi...@sharp.fm>.
Ben Collins-Sussman wrote:
> I'm unable to reproduce. I accept the certificate (t)emporarily, and
> things proceed just fine. Perhaps you have buggy neon or openssl libs?
Just confirmed - upgrading from subversion v1.1.1 to v1.1.3 makes no
difference.
The versions of neon and openssl are:
neon-0.24.7-1
openssl-0.9.7a-33.12
Any further ideas?
Regards,
Graham
--
Re: Certificate problems hang subversion
Posted by Graham Leggett <mi...@sharp.fm>.
Ben Collins-Sussman wrote:
>> - Fingerprint:
>> 7c:84:1f:93:73:86:2d:fe:f1:6d:ab:47:67:18:e4:43:41:ac:8d:09
>> (R)eject, accept (t)emporarily or accept (p)ermanently? p
>>
>> Accepting the cert either temporarily or permanently results in the same
>> thing - the svn client hangs.
>>
>> I am using v1.1.1 - is this problem fixed in v1.1.3?
> This problem is unheard of. Are you the only one experiencing it? Or
> have you talked ot anyone else who can reproduce it? How can we
> reproduce it? Can you attach to the process to see what it's doing?
>
> I'm unable to reproduce. I accept the certificate (t)emporarily, and
> things proceed just fine. Perhaps you have buggy neon or openssl libs?
I tried it originally on MacOSX, and then on a RHEL3 box with the same
results. Attaching and doing a backtrace reveals that it seems to be
still blocking waiting for the user to select R, t or p, even though the
user has already typed this in:
#0 0x010426b9 in poll () from /lib/tls/libc.so.6
#1 0x00d6c9d4 in apr_poll () from /usr/lib/libapr-0.so.0
#2 0x080514c9 in wait_for_input (f=0x1, pool=0x1)
at subversion/clients/cmdline/prompt.c:66
#3 0x08051594 in prompt (result=0x1,
prompt_msg=0x9bbf2c8 "Error validating server certificate for
'https://svn.apache.org:443':\n - The certificate is not issued by a
trusted authority. Use the\n fingerprint to validate the certificate
manually!\n - The certi"...,
hide=0, ctx=0x9a82fa0, pool=0xd701f8)
at subversion/clients/cmdline/prompt.c:110
#4 0x08051ab3 in svn_cl__auth_ssl_server_trust_prompt (cred_p=0xbfff8664,
baton=0x1, realm=0x7fffffff <Address 0x7fffffff out of bounds>,
failures=10, cert_info=0xbfff8740, may_save=1, pool=0x9a82980)
at subversion/clients/cmdline/prompt.c:305
#5 0x0067e893 in ssl_server_trust_prompt_first_cred (credentials_p=0x1,
iter_baton=0x1, provider_baton=0x9a835a8, parameters=0x9a83658,
realmstring=0x1 <Address 0x1 out of bounds>, pool=0x1)
at subversion/libsvn_client/ssl_server_trust_providers.c:221
#6 0x001186ac in svn_auth_first_credentials (credentials=0x1,
state=0xbfff86b8, cred_kind=0xbfff8664 "",
realmstring=0x9b6d7e8 "https://svn.apache.org:443",
auth_baton=0x9a835e0,
pool=0x9c41960) at subversion/libsvn_subr/auth.c:198
#7 0x0034794c in server_ssl_callback (userdata=0x9bc8a60, failures=1,
---Type <return> to continue, or q <return> to quit---
cert=0x9c32938) at subversion/libsvn_ra_dav/session.c:196
#8 0x005a903e in ne_ssl_cert_validity () from /usr/lib/libneon.so.24
#9 0x005a950e in ne_negotiate_ssl () from /usr/lib/libneon.so.24
#10 0x0059d53b in ne_get_session () from /usr/lib/libneon.so.24
#11 0x0059c885 in ne_read_response_block () from /usr/lib/libneon.so.24
#12 0x0059cf5c in ne_begin_request () from /usr/lib/libneon.so.24
#13 0x0059d215 in ne_request_dispatch () from /usr/lib/libneon.so.24
#14 0x0034963e in parsed_request (sess=0x9bd18a0, method=0x34b146
"PROPFIND",
url=0x9b6d618 "/repos/asf/httpd/httpd/branches/1.3.x",
body=0x9c61f58 "�\030�\t", body_file=0x1,
set_parser=0x346500 <set_parser>, elements=0x1, use_neon_shim=1,
validate_compat_cb=0x1, startelm_compat_cb=0x1, endelm_compat_cb=0x1,
startelm_cb=0x1, cdata_cb=0x1, endelm_cb=0x1, baton=0xbfff89d0,
extra_headers=0x9b6d640, status_code=0x0, pool=0x9a909b8)
at subversion/libsvn_ra_dav/util.c:603
#15 0x00349a8c in svn_ra_dav__parsed_request_compat (sess=0x1,
method=0x1 <Address 0x1 out of bounds>,
url=0x1 <Address 0x1 out of bounds>, body=0x1 <Address 0x1 out of
bounds>,
body_file=0x1, set_parser=0x1, elements=0x1, validate_cb=0x1,
startelm_cb=0x1, endelm_cb=0x1, baton=0x1, extra_headers=0x1,
status_code=0x1, pool=0x1) at subversion/libsvn_ra_dav/util.c:716
#16 0x00346712 in svn_ra_dav__get_props (results=0x1, sess=0x1,
url=0x1 <Address 0x1 out of bounds>, depth=-1073772080,
---Type <return> to continue, or q <return> to quit---
label=0x9a909b8 "\200)�\t`\031�\t���\t\204)�\t\200Ӷ\t�(�\t",
which_props=0x34c520, pool=0x9a909b8)
at subversion/libsvn_ra_dav/props.c:527
#17 0x003467fa in svn_ra_dav__get_props_resource (rsrc=0xbfff8b08, sess=0x1,
url=0x9b6d5e0 "/repos/asf/httpd/httpd/branches/1.3.x", label=0x0,
which_props=0x1, pool=0x9a909b8) at
subversion/libsvn_ra_dav/props.c:554
#18 0x00346a55 in svn_ra_dav__get_starting_props (rsrc=0x1, sess=0x1,
url=0x1 <Address 0x1 out of bounds>,
label=0x1 <Address 0x1 out of bounds>, pool=0x1)
at subversion/libsvn_ra_dav/props.c:626
#19 0x00346aeb in svn_ra_dav__search_for_starting_props (rsrc=0xbfff8b08,
missing_path=0x1, sess=0x9bd18a0, url=0x1 <Address 0x1 out of bounds>,
pool=0x9a909b8) at subversion/libsvn_ra_dav/props.c:656
#20 0x00346c6e in svn_ra_dav__get_vcc (vcc=0x1, sess=0x1,
url=0x1 <Address 0x1 out of bounds>, pool=0x1)
at subversion/libsvn_ra_dav/props.c:713
#21 0x00343e01 in reporter_finish_report (report_baton=0x9bc8b40,
pool=0x9a909b8) at subversion/libsvn_ra_dav/fetch.c:2390
#22 0x004119a2 in svn_wc_crawl_revisions (path=0x0, adm_access=0x9a9ffa0,
reporter=0x34c240, report_baton=0x9bc8b40, restore_files=1, recurse=1,
use_commit_times=0, notify_func=0x8050e10 <notify>,
notify_baton=0x9a909f0, traversal_info=0x1, pool=0x9a909b8)
at subversion/libsvn_wc/adm_crawler.c:606
---Type <return> to continue, or q <return> to quit---
#23 0x0067f982 in svn_client__update_internal (result_rev=0x0,
path=0x9a83a18 "pristine/apache-1.3", revision=0xbfff8f30, recurse=1,
timestamp_sleep=0x0, ctx=0x9a82fa0, pool=0x9a909b8)
at subversion/libsvn_client/update.c:150
#24 0x0067fb6a in svn_client_update (result_rev=0x1,
path=0x1 <Address 0x1 out of bounds>, revision=0x1, recurse=1, ctx=0x1,
pool=0x1) at subversion/libsvn_client/update.c:203
#25 0x080544c8 in svn_cl__update (os=0x1, baton=0x1, pool=0x9a83a18)
at subversion/clients/cmdline/update-cmd.c:76
#26 0x0804fe80 in main (argc=-1073771092, argv=0x1)
at subversion/clients/cmdline/main.c:1332
#27 0x00f8479d in __libc_start_main () from /lib/tls/libc.so.6
#28 0x0804b9f1 in _start ()
Regards,
Graham
--
Re: Certificate problems hang subversion
Posted by Ben Collins-Sussman <su...@collab.net>.
On Jan 24, 2005, at 1:33 AM, Graham Leggett wrote:
>
> - Fingerprint:
> 7c:84:1f:93:73:86:2d:fe:f1:6d:ab:47:67:18:e4:43:41:ac:8d:09
> (R)eject, accept (t)emporarily or accept (p)ermanently? p
>
> Accepting the cert either temporarily or permanently results in the
> same
> thing - the svn client hangs.
>
> I am using v1.1.1 - is this problem fixed in v1.1.3?
>
This problem is unheard of. Are you the only one experiencing it? Or
have you talked ot anyone else who can reproduce it? How can we
reproduce it? Can you attach to the process to see what it's doing?
I'm unable to reproduce. I accept the certificate (t)emporarily, and
things proceed just fine. Perhaps you have buggy neon or openssl libs?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org