This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: CYGWIN Subversion >= 1.7.2; problem to use protocol https.


On 2/22/2012 1:09 PM, denis.chancogne@free.fr wrote:
>> It's rather hard for me to debug this issue further without access to
>> the server that's causing the problem. It works fine for me using SSL
>> against my repository.
>>
>> If you're willing to let me debug against your server, please send me a
>> private email with the details to the address in my signature.
> 
> You can access the server at the following address :
> 
>   https://[address elided]
> 
> This is a private server so the certificate is self-signed and not still valid ...
> I added a read access to everybody.

Denis,

Thanks for giving me access to your server. I'm following up on the
Cygwin list so others can chime in.

It does appear this is a problem with OpenSSL and/or the way SVN is
using it. I tried using both neon and serf with SVN but it fails
with both. I also tried subversion 1.6.16 for Cygwin and it fails
with that, too.

My Debian Linux box has subversion 1.6.12 and it works from
there. It's using an older openssl (0.9.8o) that seems to default to
SSLv2 instead of TLSv1 for your server. The neon library there uses
gnutls instead of openssl, which also works fine.

The "openssl s_client" command on Cygwin is able to make a
connection to your server. But there is a slight difference in the
"Client Hello" message sent by s_client and svn. svn uses the TLSv1
"server_name" extension.  The "Server Hello" response includes a
TLSv1 Alert "Warning Unrecognized Name". The s_client does not use
the server_name extension.

I really have no idea if that's the problem or not. I'll have to
spend some more time poking through the Subversion code, but that
might not happen for a while.

I might also try building neon against gnutls, but even if that
works it might not be a great solution for you since (1) I don't
maintain neon and (2) Subversion as a project is moving away from
neon to serf, and it doesn't appear that serf can be built against
gnutls.

Sorry I couldn't be more help.

-- 
David Rothenberger  ----  daveroth@acm.org

"Ahead warp factor 1"
                -- Captain Kirk
