[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn ssl bug encountered

From: Sander Striker <striker_at_apache.org>
Date: 2001-09-13 13:56:28 CEST

Hi,

I encountered a bug in svn with ssl.
If I put the request below in openssl s_client it returns the contents
of the file, so it is definitely a bug on the svn side (neon?).

I have been able to reproduce the earlier reported segfault in
mod_ssl, but that is a different bug from this one (and on the
apache side). I'll report further on dev@httpd.apache.org about
that one.

I have build svn with debugging output and attached captured output.
Also attached and inlined the apache logs.

The repos is very simple:

svn/README
svn/dir
svn/dir/README

The README files contain 1 line, "Hello\n"

If someone(joe?) has any idea of why neon isn't setting up SSL properly
on the GET request, let me know.

Sander 

---
The relevant portion of the httpd.conf:
<VirtualHost _default_:443>
    SSLEngine on
    SSLCACertificatePath /var/openssl/ca/private
    SSLCACertificateFile /var/openssl/ca/private/cacert.pem
    SSLCertificateFile /var/openssl/ca/certs/striker.xs4all.nl-cert.pem
    SSLCertificateKeyFile /var/openssl/ca/certs/striker.xs4all.nl-key.pem
    DocumentRoot /opt/httpd/htdocs
    ServerName striker.xs4all.nl
    <Location /svn>
        SSLRequireSSL
#        SSLVerifyClient require
#        SSLVerifyDepth 1
        DAV svn
        SVNPath /home/svn
    </Location>
</VirtualHost>
---
Svn request that makes apache return error:
GET /svn/$svn/bc/2/README HTTP/1.1
User-Agent: SVN/M3 neon/0.15.3
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Host: 192.168.0.1:443
---
Apache error log:
[Thu Sep 13 13:22:13 2001] [notice] Apache/2.0.26-dev (Unix) mod_ssl/3.0a0
OpenSSL/0.9.6b DAV/2 SVN/M3 configured -- resuming normal operations
[Thu Sep 13 13:22:13 2001] [info] Server built: Sep 11 2001 10:16:34
[Thu Sep 13 13:22:53 2001] [error] mod_ssl: SSL handshake failed: HTTP
spoken on HTTPS port; trying to send HTML error page (OpenSSL library error
follows)
[Thu Sep 13 13:22:53 2001] [error] OpenSSL: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS
port!?]
---
Apache combined log:
192.168.0.1 - - [13/Sep/2001:13:22:52 +0200] "OPTIONS /svn HTTP/1.1" 200 183
"-" "SVN/M3 neon/0.15.3"
192.168.0.1 - - [13/Sep/2001:13:22:52 +0200] "PROPFIND /svn HTTP/1.1" 207
453 "-" "SVN/M3 neon/0.15.3"
192.168.0.1 - - [13/Sep/2001:13:22:52 +0200] "PROPFIND /svn/$svn/vcc/default
HTTP/1.1" 207 336 "-" "SVN/M3 neon/0.15.3"
192.168.0.1 - - [13/Sep/2001:13:22:53 +0200] "PROPFIND /svn/$svn/bln/2
HTTP/1.1" 207 387 "-" "SVN/M3 neon/0.15.3"
192.168.0.1 - - [13/Sep/2001:13:22:53 +0200] "PROPFIND /svn/$svn/bc/2/
HTTP/1.1" 207 1797 "-" "SVN/M3 neon/0.15.3"
192.168.0.1 - - [13/Sep/2001:13:22:53 +0200] "GET
/mod_ssl:error:HTTP-request HTTP/1.0" 400 728 "-" "-"

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

  • application/octet-stream attachment: error.log
  • application/octet-stream attachment: svn.log
Received on Sat Oct 21 14:36:41 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.