Message-ID: | <4F45BAFE.5060004@acm.org> |
Date: | Wed, 22 Feb 2012 20:05:18 -0800 |
From: | David Rothenberger <daveroth AT acm DOT org> |
User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 |
MIME-Version: | 1.0 |
To: | denis DOT chancogne AT free DOT fr |
CC: | cygwin <cygwin AT cygwin DOT com> |
Subject: | Re: CYGWIN Subversion >= 1.7.2; problem to use protocol https. |
References: | <96956e2d-c836-46ba-8290-ae473d6d18de AT zimbra59-e10 DOT priv DOT proxad DOT net> |
In-Reply-To: | <96956e2d-c836-46ba-8290-ae473d6d18de@zimbra59-e10.priv.proxad.net> |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
On 2/22/2012 1:09 PM, denis DOT chancogne AT free DOT fr wrote:
>> It's rather hard for me to debug this issue further without access to
>> the server that's causing the problem. It works fine for me using SSL
>> against my repository.
>>
>> If you're willing to let me debug against your server, please send me a
>> private email with the details to the address in my signature.
>
> You can access the server at the following address :
>
> https://[address elided]
>
> This is a private server so the certificate is self-signed and not still valid ...
> I added a read access to everybody.

Denis,

Thanks for giving me access to your server. I'm following up on the Cygwin list so others can chime in.

It does appear this is a problem with OpenSSL and/or the way SVN is using it. I tried using both neon and serf with SVN but it fails with both. I also tried subversion 1.6.16 for Cygwin and it fails with that, too.

My Debian Linux box has subversion 1.6.12 and it works from there. It's using an older openssl (0.9.8o) that seems to default to SSLv2 instead of TLSv1 for your server. The neon library there uses gnutls instead of openssl, which also works fine.

The "openssl s_client" command on Cygwin is able to make a connection to your server. But there is a slight difference in the "Client Hello" message sent by s_client and svn. svn uses the TLSv1 "server_name" extension. The "Server Hello" response includes a TLSv1 Alert "Warning Unrecognized Name". The s_client does not use the server_name extension.

I really have no idea if that's the problem or not. I'll have to spend some more time poking through the Subversion code, but that might not happen for a while.

I might also try building neon against gnutls, but even if that works it might not be a great solution for you since (1) I don't maintain neon and (2) Subversion as a project is moving away from neon to serf, and it doesn't appear that serf can be built against gnutls.

Sorry I couldn't be more help.
--
David Rothenberger ---- daveroth AT acm DOT org

"Ahead warp factor 1"
    -- Captain Kirk

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
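Added example, not part of the original message or of Subversion, OpenSSL or Cygwin: a small Python parser that checks captured handshake bytes for the two things the message compares, whether the Client Hello carries the server_name extension and whether the server answered with a warning-level unrecognized_name alert (description 112, RFC 6066). The function names, the host `svn.example.test` and all sample bytes are constructed for illustration.

```python
import struct
ALERT, HANDSHAKE = 21, 22                 # TLS record content types
UNRECOGNIZED_NAME = 112                   # alert description from RFC 6066

def records(stream):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def client_hello_sni(hs):
    """Return the server_name host in a ClientHello message, or None."""
    pos = 4 + 2 + 32                      # handshake header, version, random
    pos += 1 + hs[pos]                    # session_id
    pos += 2 + struct.unpack_from("!H", hs, pos)[0]   # cipher_suites
    pos += 1 + hs[pos]                    # compression_methods
    if pos + 2 > len(hs):
        return None                       # hello carries no extensions block
    end = pos + 2 + struct.unpack_from("!H", hs, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hs, pos)
        if etype == 0:                    # server_name: list len, type, name len, name
            nlen = struct.unpack_from("!H", hs, pos + 7)[0]
            return hs[pos + 9:pos + 9 + nlen].decode("ascii")
        pos += 4 + elen
    return None

def diagnose(client_bytes, server_bytes):
    """Return (SNI host sent, whether server warned unrecognized_name)."""
    hello = next(p for t, p in records(client_bytes) if t == HANDSHAKE and p[0] == 1)
    warned = any(t == ALERT and p[:2] == bytes([1, UNRECOGNIZED_NAME])
                 for t, p in records(server_bytes))
    return client_hello_sni(hello), warned

def build_client_hello(host=None):
    """Constructed sample: minimal TLS 1.0 ClientHello record, optional SNI."""
    ext = b""
    if host:
        name = host.encode("ascii")
        sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs

# Constructed server reply: one alert record, level 1 (warning), description 112.
SERVER_REPLY = struct.pack("!BHHBB", ALERT, 0x0301, 2, 1, UNRECOGNIZED_NAME)
```

Feeding `diagnose` the client and server byte streams of a real capture shows at a glance whether a failing client sent SNI and whether the server objected to the name.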