[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 31 Jul 2018 16:54:17 +0000

Folker Schamel wrote on Tue, Jul 31, 2018 at 17:42:10 +0200:
> On 2018-07-31 17:04, Philip Martin wrote:
> > Folker Schamel <schamel23_at_spinor.com> writes:
> > > For the broken setup, the client reports:
> > > svn: E120171: Error running context: An error occurred during SSL communication
> > > And the server Apache log reports:
> > > ssl_engine_io.c(1308): (70014)End of file found: [client xxxxx:xxxxx]
> > > AH02007: SSL handshake interrupted by system [Hint: Stop button
> > > pressed in browser?!]
>
> Maybe a hint in the svn release notes could be useful, since the svn error
> messages are not very useful.

Subversion uses Serf, which uses OpenSSL, which talks to an SSL implementation
on the server. The root cause of the error is known to the SSL implementation
on the server (that's why you see it in the error log). It's not obvious that
OpenSSL on the client side even knows what the root cause is. It could be that
only the server-side SSL implementation knows the root cause; it could be that
the client-side SSL implementation also knows the root cause, but the ball of
relaying that information up the stack (openssl->serf->libsvn->stderr) was
dropped.

The error code in question (E120171, SERF_ERROR_SSL_COMM_FAILED) does appear to
be somewhat of a catchall, i.e., a code to which several openssl errors are
mapped; but nevertheless, I wouldn't be surprised if the openssl client-side
error message were less detailed than the server-side one.

For what it's worth, the only part of the quoted error message that Subversion
controls is the text "Error running context". The remainder, both the number
prefixed andthe error suffixed, is generated by the serf library, based on an
error returned by the openssl library.

That said, I do agree that "Error running context" isn't the best phrasing.
"Context", here, is the name of an internal API. Something like "HTTP request
failed" would be better, wouldn't it?

> Thanks a lot!
> And sorry for bothering on the dev list. I should have posted to user.
> Also thanks for your other SNI and DEFLATE tips!

Cheers,

Daniel
Received on 2018-07-31 18:54:43 CEST

This is an archived mail posted to the Subversion Dev mailing list.