Re: svn/neon fails to prompt user when encountering self-signed/etc. certs

From: Joe Orton <jorton_at_redhat.com>
Date: Fri, 4 Dec 2009 13:28:27 +0000

On Thu, Dec 03, 2009 at 01:04:02PM -0500, Greg Troxel wrote:
> We are having a mysterious problem with https: access to subversion, and
> I wonder if neon/openssl has some ambiguity about return codes that is
> causing what should turn into prompt-if-ok to be a fatal error without
> that.
>
> With neon-debug-mask = 255, I get:

Can you send the logs with neon-debug-mask set to 258? This will
include the SSL-level debugging outtput.

Separately, can you try with this patch applied to neon? It should
still fail, but it might give a more comprehensible error.

Index: src/ne_openssl.c
===================================================================
--- src/ne_openssl.c (revision 1752)
+++ src/ne_openssl.c (working copy)
@@ -398,7 +398,7 @@
         sess->ssl_context->failures |= NE_SSL_UNHANDLED;
         NE_DEBUG(NE_DBG_SSL, "ssl: Unhandled verification error %d -> %s\n",
                  err, X509_verify_cert_error_string(err));
- return 0;
+ return 1;
     }

     sess->ssl_context->failures |= failures;

Regards, Joe

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2427020

Please start new threads on the <users_at_subversion.apache.org> mailing list.
To subscribe to the new list, send an empty e-mail to <users-subscribe_at_subversion.apache.org>.
Received on 2009-12-04 14:29:37 CET

This message: [ Message body ]
Next message: Joe Orton: "Re: Subversion: integration of certificate based login"
Previous message: Kurt Pruenner: "Re: Ignore pattern for a subdirectory?"
In reply to: Greg Troxel: "svn/neon fails to prompt user when encountering self-signed/etc. certs"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]