[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Problem with SSL Client auth and libserf

From: Lieven Govaerts <lgo_at_apache.org>
Date: Fri, 26 Jul 2013 11:14:03 +0200

Hi,

On Thu, Jul 25, 2013 at 4:25 PM, Bernd May
<bernd_at_net.t-labs.tu-berlin.de> wrote:
> Hello,
>
> I am experiencing re-negotiation issues namely connection closed when
> trying to use a subversion client >=1.8 against an svn server running
>
> Debian Wheezy
> apache 2.2.22
> libapache 1.8.1
> subversion 1.8.1
> openssl 1.0.1e
>
> with ssl client auth.

[..]

> [Thu Jul 25 16:20:12 2013] [info] [client <myip>] Requesting connection
> re-negotiation
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_io.c(1908): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#7fa9ced2a820 [mem: 7fa9ced082c3]
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(764): [client
> <myip>] Performing full renegotiation: complete handshake protocol
> (client does support secure renegotiation)
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(1866): OpenSSL:
> Handshake: start
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(1874): OpenSSL:
> Loop: SSL renegotiate ciphers
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(1874): OpenSSL:
> Loop: SSLv3 write hello request A
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(1874): OpenSSL:
> Loop: SSLv3 flush data
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(1874): OpenSSL:
> Loop: SSLv3 write hello request C
> [Thu Jul 25 16:20:12 2013] [info] [client <myip>] Awaiting
> re-negotiation handshake
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(1866): OpenSSL:
> Handshake: start
> [Thu Jul 25 16:20:12 2013] [debug] ssl_engine_kernel.c(1874): OpenSSL:
> Loop: before accept initialization
> [Thu Jul 25 16:20:22 2013] [info] [client <myip>] Request body read timeout
> [Thu Jul 25 16:20:22 2013] [debug] ssl_engine_io.c(1908): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#7fa9ced2a820 [mem: 7fa9ced082c3]
> [Thu Jul 25 16:20:22 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL:
> Exit: error in SSLv3 read client hello B
> [Thu Jul 25 16:20:22 2013] [error] [client <myip>] Re-negotiation
> handshake failed: Not accepted by client!?
> [Thu Jul 25 16:20:22 2013] [debug] mod_deflate.c(615): [client <myip>]
> Zlib: Compressed 0 to 2 : URL /svn/bernd
>

This renegotiation issue was solved on serf trunk in r2078, details in
the ticket you opened:
https://code.google.com/p/serf/issues/detail?id=114

r2078 applies cleanly to the serf 1.3.x branch, so if you can validate
the fix before I backport it to 1.3.x that'd be much appreciated!

thanks,

Lieven

> --
> Technische Universität Berlin - FGINET
>
> Bernd May
>
> System Administration
> Sekr. TEL 16
> Ernst-Reuter-Platz 7
> 10587 BERLIN
> GERMANY
>
> Mobile: 0160/90257737
> E-Mail: bernd_at_inet.tu-berlin.de
> WWW: inet.tu-berlin.de
>
Received on 2013-07-26 11:15:13 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.