[Bug 294648] Re: svn over https with client certificates broken (regression in intrepid)

Martin Lindhe 294648 at bugs.launchpad.net
Tue Feb 14 16:06:46 UTC 2012 

Hello. Yesterday I updated our dev server from Ubuntu 11.04 to 11.10.
And now all our LTS server installs (Ubuntu 10.04) can no longer
communicate with the svn repository:

svn: OPTIONS of 'https://xxx/xxx': SSL handshake failed: SSL error: A
TLS warning alert has been received. (https://xxx)

using the suggested libneon alias:

svn: OPTIONS of 'https://xxx/xxx': SSL handshake failed: SSL error code
-1/1/336032856 (https://xxx)

I also tried the "SSLVerifyClient none" apache config without success

Ubuntu 10.04 LTS has libneon27 version 0.29.0-1

Can the libneon package be backported to LTS to fix up this
infrastructure mess, or do you expect us to upgrade all LTS servers to
non LTS builds in order to continue to check out code to them
(production systems)?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subversion in Ubuntu.
https://bugs.launchpad.net/bugs/294648

Title:
  svn over https with client certificates broken (regression in
  intrepid)

Status in an HTTP and WebDAV client library:
  Fix Released
Status in Subversion:
  Fix Released
Status in “neon27” package in Ubuntu:
  Fix Released
Status in “subversion” package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: subversion

  After upgrading from hardy to intrepid, svn with https client
  certificates authentication stopped working, giving the following
  error:

  user at testhost:~$ svn info https://svn.example.org/svn/main/
  svn: OPTIONS of 'https://svn.example.org/svn/main': Could not read status line: SSL error: Rehandshake was requested by the peer. (https://svn.example.org)

  This is against an apache2 server with
  <Location /svn>
            SSLVerifyClient require
  ...

  If I set "SSLVerifyClient none" everything just works, hence the
  conclusion that this is related to client certificate verification. I
  have configured my svn client to use a pkcs#12 file.

  This may be related to http://bugs.debian.org/480041

  Version info:
  subversion 1.5.1dfsg1-1ubuntu2
  libneon27-gnutls 0.28.2-2build1

To manage notifications about this bug go to:
https://bugs.launchpad.net/neon/+bug/294648/+subscriptions

More information about the foundations-bugs mailing list