[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TSVN 1.7.7 ignores certs in servers file?

From: Joel Jirak <joel_at_jirak.us>
Date: Fri, 8 Jun 2012 10:46:45 -0400

I hit send too soon. Additional data points for help in debugging:

1. TortoiseSVN 1.7.7, Build 22907 - 64 Bit , 2012/05/15 12:16:05
     Subversion 1.7.5,
     apr 1.4.6
     apr-utils 1.3.12
     neon 0.29.6
     OpenSSL 1.0.1c 10 May 2012
     zlib 1.2.7
2. svn.exe 1.7.5 bundled with TSVN exhibits the same behavior.
3. svn.exe 1.7.5 from Collabnet works without problems. It uses
openssl 1.0.0.7 (That's the version ssleay32.dll, but I don't recognize
that version for openssl?)
4. svn.exe 1.7.5 from Wandisco works without problems. It uses
openssl 0.9.8.11.
5. svn.exe 1.7.5 from http://sourceforge.net/projects/win32svn/ works
without problems. It uses openssl 1.0.1c.
6. Setting the registry key OpenSSLCapi to 0 fixes the problem.

On Fri, Jun 8, 2012 at 10:40 AM, Joel Jirak <joel_at_jirak.us> wrote:

> Hello,
>
> I just upgraded from 1.7.6 to 1.7.7 and noticed a change in behavior:
>
> Environment: Win7, 64-bit, using a certificate to authenticate via HTTPS.
> The certificate is configured via the servers file. There are no
> certificates in my MS certificate store.
> 1.7.6: No errors, all subversion operations work.
> 1.7.7: SSL error, all server operations fail.
>
> The error message is: svn: E175002: OPTIONS of 'https://<host>/svn/<repo>':
> SSL handshake failed: SSL error: cant get key (https://<host>)
>
> I'm guessing that perhaps either the new openssl lib (upgraded to 1.0.1c)
> or the TSVN's modifications to e_capi.c are the culprit. (I say this
> without having actually debugged the code or anything.)
>
> The error text does come from e_capi_err.c in OpenSSL:
> {ERR_REASON(CAPI_R_CANT_GET_KEY) ,"cant get key"}
>
> Would it be possible for TSVN to handle this error, and if detected, fall
> back to the servers file?
>
> Thanks!
>
> Joel Jirak
>
>
> P.S. Additional debugging data:
> 1. TortoiseSVN 1.7.7, Build 22907 - 64 Bit , 2012/05/15 12:16:05
> Subversion 1.7.5,
> apr 1.4.6
> apr-utils 1.3.12
> neon 0.29.6
> OpenSSL 1.0.1c 10 May 2012
> zlib 1.2.7
>
>

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2969815

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2012-06-08 16:46:54 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.