Bug#327269: apache2 security update breaks ssl+svn
On Fri, 2005-09-09 at 10:37 +1000, Adam Conrad wrote:
> Andreas Jellinghaus wrote:
>
> >Package: apache2
> >Version: 2.0.54-5
> >Severity: critical
> >
> >After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
> >
> >subversion client (e.g. checkout):
> >svn: PROPFIND request failed on '/svn/test'
> >svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
> >alert unexpected message (https://www.opensc.org)
> >
> >apache error log:
> >[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
> >accepted by client!?
> >
> >downgrade to 2.0.54-4 and everything is fine again.
> >
> >debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
> >apache2 on 80 and 443, ssl with self signed certificate,
> >accepting a list of self signed certificates, svn repository
> >needs those for write access only.
> >
> >more configuration and any detail you need available on request.
> >
> >
> I would like a tarball of your /etc/apache2/, if that's not too much
> inconvenience. I suspect a combination of a longstanding subversion bug
> and a (mis)configuration of apache2 are biting you, and the recent
> apache2 bugfix just exposed the issue. I need to see how you have your
> sites set up to confirm this, though.
After reading the initial bug report I checked with my upgraded SVN
servers (no client certs involved). "Fresh" checkouts seem to work
flawless but checkouts from user accounts that had allready checked
out from the server hang. Doing a 'svn co --no-auth-cache' from these
accounts seems to have fixed the problem (i.e. afterwards checkouts
work even without the '--no-auth-cache' option). Maybe there's a problem
with SVNs cert cache?
HTH Ralf Mattes
> ... Adam
>
>
>
>
Reply to: