Bug#327269: apache2 security update breaks ssl+svn
Andreas Jellinghaus wrote:
>Package: apache2
>Version: 2.0.54-5
>Severity: critical
>
>After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
>
>subversion client (e.g. checkout):
>svn: PROPFIND request failed on '/svn/test'
>svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
>alert unexpected message (https://www.opensc.org)
>
>apache error log:
>[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
>accepted by client!?
>
>downgrade to 2.0.54-4 and everything is fine again.
>
>debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
>apache2 on 80 and 443, ssl with self signed certificate,
>accepting a list of self signed certificates, svn repository
>needs those for write access only.
>
>more configuration and any detail you need available on request.
>
>
I would like a tarball of your /etc/apache2/, if that's not too much
inconvenience. I suspect a combination of a longstanding subversion bug
and a (mis)configuration of apache2 are biting you, and the recent
apache2 bugfix just exposed the issue. I need to see how you have your
sites set up to confirm this, though.
... Adam
Reply to: