AW: parse tlsext bug

From: Sebastian Krysmanski <sebastian_at_krysmanski.de>
Date: Wed, 5 Aug 2009 11:27:00 +0200

Hi Joe,

I could file a bug against mod_ssl but I'm not sure what to insert in this report since the problem only seems to appear in Subversion.

Yes, I control the server the problem occurs on. I've reproduced the problem and uploaded the Apache log (level: debug) here: http://files.mayastudios.de/svn-fail.log

The log only contains log entries from Apache's startup and this svn command (nothing else):

> svn merge -r 992:993 https://svn.mayastudios.de/fred/repos/branches/Fred2.0
--- Merging r993 into '.':
G sources/Tests/test/com/mayastudios/fred/server/model/UIDDiscriminatorTest.java
G sources/Tests/test/com/mayastudios/fred/server/business/EffortBpoTest.java
G sources/Tests/test/com/mayastudios/fred/server/business/ProjectTaskBpoTest.java
svn: PROPFIND of '/fred/repos/!svn/bc/992/branches/Fred2.0/sources/Tests/harness/com/mayastudios/fred/testharness/hibernate': SSL negotiation failed: SSL error: parse tlsext (https://svn.mayastudios.de)
svn: Error reading spooled REPORT request response

I can reproduce the problem every time. You can find the exact steps here: https://svn.mayastudios.de/fred/ticket/55#comment:4 However, since I and several other people are using the server I downgraded to Apache 2.2.11 again (with which you can't reproduce the problem). However, I could upgrade to Apache 2.2.12 for a short time so that you could reproduce the problem yourself. Just let me know when you're ready to do so (so that I can keep my server's "downtime" as short as possible). I'm in the SVN IRC chat very often (username is "Manski") so this would be a way to contact me.

Regards
Sebastian

-----Ursprüngliche Nachricht-----
Von: Joe Orton [mailto:jorton_at_redhat.com]
Gesendet: Dienstag, 4. August 2009 09:55
An: Sebastian Krysmanski
Cc: dev_at_subversion.tigris.org
Betreff: Re: parse tlsext bug

On Mon, Aug 03, 2009 at 08:17:26PM +0200, Sebastian Krysmanski wrote:
> After some trial and error I found out that the problem (at least the cases
> I could reproduce) only occurs when using Apache HTTPd 2.2.12. After I
> reverted to version 2.2.11 the error was gone (but this can't be a permanent
> solution).

httpd 2.2.12 enabled the TLS SNI extension, which is undoubtedly
related. Could you file a bug against mod_ssl here:

https://issues.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2

(it is possible this bug lies anywhere between neon, OpenSSL and
mod_ssl, but we should first eliminate mod_ssl)

Do you control the server for which this bug can be reproduced? If so
it would be helpful to enable "LogLevel debug" (temporarily) in the
global server configuration, and capture complete mod_ssl debug logs
whilst the problem is reproduced.

Do you also have a precise set of steps I could follow to reproduce the
issue? Could you also find out what version of OpenSSL the server is
using?

Regards, Joe

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2380361
Received on 2009-08-05 11:27:45 CEST

This message: [ Message body ]
Next message: Karl Heinz Marbaise: "Re: small library to contribute"
Previous message: Stefano Mosconi: "small library to contribute"
In reply to: Joe Orton: "Re: parse tlsext bug"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]