[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[Resolved] SSL negotiation failed: Secure connection truncated

From: Danny MacMillan <flowers_at_users.sourceforge.net>
Date: 2006-08-08 21:01:20 CEST

Hi,

I resolved the issue. See below (I'm keeping the entire message for
the benefit of future search engineers).

On Tue, Aug 08, 2006 at 11:43:24AM -0600, Danny MacMillan wrote:
> Hi,
>
> I have had an impeccably operating Subversion server working for quite
> some time ( in excess of 8 months ). Now, when I attempt to perform an
> svn co, I am getting the following message:
>
> aldebaran% svn co https://dev.emerald-associates.com/tec001/svn/trunk/ ~/jj
> svn: PROPFIND request failed on '/tec001/svn/trunk'
> svn: PROPFIND of '/tec001/svn/trunk': SSL negotiation failed: Secure connection truncated (https://dev.emerald-associates.com)
>
> On the server, I notice a whole lot of messages like this:
>
> Aug 3 22:55:10 hobbit kernel: pid 65294 (httpd), uid 80: exited on signal 11
>
> It seems to me this is about the time these problems started.
>
> I have not recently upgraded any software on the server or done any
> maintenance I can think might have caused this. The server is hosting
> multiple repositories and they are all affected. Restarting apache makes
> no difference. Every time I try to perform an svn checkout, a new
> 'exited on signal 11' message appears in the log and I get the above
> error message from Subversion.
>
> Both client and server are FreeBSD machines running Subversion 1.3.2
> from ports. The same error is evident when attempting to browse the
> repository using TortoiseSVN on Windows, as well. Accessing the
> repository directly with a web browser appears to be functioning
> normally. The server is integrated with Trac and browsing the repository
> with Trac is also unaffected.
>
> I have searched the list archives and the internet for information about
> this issue and found some references, none of which contained any
> information I found useful.
>
> I will be happy to provide any further information that might be of
> benefit troubleshooting this problem. The most befuddling thing to me is
> that the problem literally started happening overnight.

It turns out that Apache was using the wrong OpenSSL. On FreeBSD
machines, OpenSSL is part of the base install but is also available
as a port. On July 17, I installed the port so I could obtain a file
that is not part of the FreeBSD base OpenSSL install -- the CA.pl
script. Since Apache was already running and linked against the proper
version of OpenSSL -- the base system version, the version it was built
against -- it continued to run without issue until last week, when an
unrelated issue forced me to restart Apache. When Apache reloaded, it
used the version from ports, which is what caused the problem.
Deleting the package and restarting Apache resolved the problem.

Pardon the noise.

-- 
Danny MacMillan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 8 21:03:22 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.