[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SSL errors

From: Cristiano Paris <paris_at_disp.uniroma2.it>
Date: 2004-03-19 20:10:48 CET

On Fri, Mar 19, 2004 at 05:53:30PM +0000, Joe Orton wrote:
> On Fri, Mar 19, 2004 at 06:34:35PM +0100, Cristiano Paris wrote:
> > One friend of mine is trying to use a subversion over https under Linux
> > (Gentoo). He is using:
> >
> > subversion 1.0
> > neon 0.24.4
> > ssl 0.9.7d
> >
> > If he tries to check out the files from the repository he gets the
> > following error:
> >
> > "SSL error: decryption failed or bad record mac"
>
> Does connecting using:
>
> $ openssl s_client -connect server.host.name:443
>
> from the same machine work?

Yes it work.

Here's the output:

faber@bzimage faber $ openssl s_client -connect 192.168.0.7:443
CONNECTED(00000003)
depth=0 /C=IT/ST=Rome/L=Rome/O=The Shire/OU=The Shire Web
Services/CN=theshire.homedns.org/emailAddress=frodo@theshire.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=IT/ST=Rome/L=Rome/O=The Shire/OU=The Shire Web
Services/CN=theshire.homedns.org/emailAddress=frodo@theshire.org
verify return:1

---
Certificate chain
0 s:/C=IT/ST=Rome/L=Rome/O=The Shire/OU=The Shire Web
Services/CN=theshire.homedns.org/emailAddress=frodo@theshire.org
  i:/C=IT/ST=Rome/L=Rome/O=The Shire/OU=The Shire Web
Services/CN=theshire.homedns.org/emailAddress=frodo@theshire.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDwDCCAymgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBojELMAkGA1UEBhMCSVQx
DTALBgNVBAgTBFJvbWUxDTALBgNVBAcTBFJvbWUxEjAQBgNVBAoTCVRoZSBTaGly
ZTEfMB0GA1UECxMWVGhlIFNoaXJlIFdlYiBTZXJ2aWNlczEdMBsGA1UEAxMUdGhl
c2hpcmUuaG9tZWRucy5vcmcxITAfBgkqhkiG9w0BCQEWEmZyb2RvQHRoZXNoaXJl
Lm9yZzAeFw0wNDAzMDQxODIxMDhaFw0wNTAzMDQxODIxMDhaMIGiMQswCQYDVQQG
EwJJVDENMAsGA1UECBMEUm9tZTENMAsGA1UEBxMEUm9tZTESMBAGA1UEChMJVGhl
IFNoaXJlMR8wHQYDVQQLExZUaGUgU2hpcmUgV2ViIFNlcnZpY2VzMR0wGwYDVQQD
ExR0aGVzaGlyZS5ob21lZG5zLm9yZzEhMB8GCSqGSIb3DQEJARYSZnJvZG9AdGhl
c2hpcmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+/AC7sx9HOx4l
pZzAz1k0ugTbGpUktHsPi+2XbryPC0VgFvjZ9xQ+a2tKlnW+5kUjTOKHYShaebh2
kIIYLiJhNb4jHMYbLZgWYqkSe/RpxAZ+l/T506mTc8hidUMLf0+WWs6UIilFQtF6
qfmIwpbFQs4520pEuXE4HjACgYkruwIDAQABo4IBAjCB/zAdBgNVHQ4EFgQU0Odo
/Px/VGmRBkKUQxqZlCKIXMswgc8GA1UdIwSBxzCBxIAU0Odo/Px/VGmRBkKUQxqZ
lCKIXMuhgaikgaUwgaIxCzAJBgNVBAYTAklUMQ0wCwYDVQQIEwRSb21lMQ0wCwYD
VQQHEwRSb21lMRIwEAYDVQQKEwlUaGUgU2hpcmUxHzAdBgNVBAsTFlRoZSBTaGly
ZSBXZWIgU2VydmljZXMxHTAbBgNVBAMTFHRoZXNoaXJlLmhvbWVkbnMub3JnMSEw
HwYJKoZIhvcNAQkBFhJmcm9kb0B0aGVzaGlyZS5vcmeCAQAwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQQFAAOBgQC2ipcUL7U/Y+Z02t2H5dBC2n+uyC5XjLHytFjN
yvE98ynoGEr1pvYlBkOfB3AKMGtUQ6Tel8mbpv2MBoLL2IKfksf4WefxQCE5WRaK
lyEhOTMuWp3ksrWrWysC0pYVIMXRu2Bc7Mqp0CJsbBgNGM/Qo8Mtdt38jaqGutAo
n6Zy7Q==
-----END CERTIFICATE-----
subject=/C=IT/ST=Rome/L=Rome/O=The Shire/OU=The Shire Web
Services/CN=theshire.homedns.org/emailAddress=frodo@theshire.org
issuer=/C=IT/ST=Rome/L=Rome/O=The Shire/OU=The Shire Web
Services/CN=theshire.homedns.org/emailAddress=frodo@theshire.org
---
No client certificate CA names sent---
SSL handshake has read 1520 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
   Protocol  : TLSv1
   Cipher    : EDH-RSA-DES-CBC3-SHA
   Session-ID:
2FF6CDB3B5860870CB49AE0329937E19F776D3829B3CFE04EEC2CC4CBE30C228
   Session-ID-ctx:
   Master-Key:
F6EE96D4FBA9645AE3FE58763A4665F13E12B7477C7B9BAFD7CC00C458B7097ECF9A7DECA52D8F337F21EA9A793A9B6F
   Key-Arg   : None
   Start Time: 1079719168
   Timeout   : 300 (sec)
   Verify return code: 18 (self signed certificate)
---
GET /svn/private/openservice-website/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr />
<address>Apache/2.0.48 (Unix) mod_ssl/2.0.48 OpenSSL/0.9.6d DAV/2
SVN/1.0.0 Server at theshire.homedns.org Port 443</address>
</body></html>
read:errno=0
faber@bzimage faber $
Cristiano
----
Web: http://www.disp.uniroma2.it/users/paris
Public PGP/GnuPG key
pub  1024D/32CA6D54 2004-01-23 Cristiano Paris (RHPK) <c.paris@email.it>
     Key fingerprint = 3BFD 9884 230A 1F17 391C  1434 80CB 2C7A 32CA 6D54
----

  • application/pgp-signature attachment: stored
Received on Fri Mar 19 20:37:00 2004

This is an archived mail posted to the Subversion Users mailing list.