Opened 10 years ago

Last modified 10 years ago

#16 reopened defect

svn commit with HTTPSでエラーが起こる

Reported by: mitty Owned by: mitty
Priority: blocker Component: configuration
Keywords: Cc:

Description (last modified by mitty)


error message

  1. svn --no-auth-cache --username mitty ci -m " * mod"
    (snip)
    Sending        trunk/ywqR5wC5KT
    Sending        trunk/yxFQsEQHJU
    svn: Commit failed (details follow):
    svn: CHECKOUT of '/svn/failtest/!svn/ver/2/trunk/yxFQsEQHJU': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
    
  2. svn --no-auth-cache --username mitty ci -m " * remove"
    (snip)
    Deleting       trunk/u1fyI4QKQe
    Deleting       trunk/uqzHb0GBV2
    svn: Commit failed (details follow):
    svn: DELETE of '/svn/failtest/!svn/wrk/518a050a-6d10-49ab-9c84-9990aa5a6b33/trunk/uqzHb0GBV2': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
    
  3. svn --no-auth-cache --username mitty ci -m " * remove"
    (snip)
    Adding         branches/GDIovcGJtI
    Adding         branches/I6yZir39ZN
    svn: Commit failed (details follow):
    svn: PROPFIND of '/svn/failtest/trunk/I6yZir39ZN': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
    
  4. svn --no-auth-cache --username mitty ci -m " * remove"
    (snip)
    Adding         branches/zEyZMfQaE4
    Adding         branches/zYpc5NR3SF
    Transmitting file data .......svn: Commit failed (details follow):
    svn: PUT of '/svn/failtest/!svn/wrk/d4ef143f-d21a-49bf-821a-0aaae744ec83/branches/u10DxQri4u': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
    
  5. svn --no-auth-cache --username mitty up
    (snip)
    A    branches/b5oW4cSz2H
    A    branches/kJFJTQ7ABX
    svn: PROPFIND of '/svn/failtest/trunk/JMHgjHhETC': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
    

apache2 access log

  • /var/log/apache2/*_20101021_log
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/trunk/b5oW4cSz2H HTTP/1.1" 207 452 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/vcc/default HTTP/1.1" 207 148 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/b5oW4cSz2H HTTP/1.1" 207 436 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "GET /svn/failtest/!svn/bc/4/trunk/b5oW4cSz2H HTTP/1.1" 200 244 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/b5oW4cSz2H HTTP/1.1" 207 804 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/trunk/kJFJTQ7ABX HTTP/1.1" 207 500 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/vcc/default HTTP/1.1" 207 148 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/kJFJTQ7ABX HTTP/1.1" 207 452 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "GET /svn/failtest/!svn/bc/4/trunk/kJFJTQ7ABX HTTP/1.1" 200 244 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/kJFJTQ7ABX HTTP/1.1" 207 836 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
    
  • error logには出力はない

test environment

  • apache2 -V
    Server version: Apache/2.2.14 (Ubuntu)
    Server built:   Sep 28 2010 12:54:21
    Server's Module Magic Number: 20051115:23
    Server loaded:  APR 1.3.8, APR-Util 1.3.9
    Compiled using: APR 1.3.8, APR-Util 1.3.9
    Architecture:   64-bit
    Server MPM:     Worker
      threaded:     yes (fixed thread count)
        forked:     yes (variable process count)
    Server compiled with....
     -D APACHE_MPM_DIR="server/mpm/worker"
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=128
     -D HTTPD_ROOT=""
     -D SUEXEC_BIN="/usr/lib/apache2/suexec"
     -D DEFAULT_PIDLOG="/var/run/apache2.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
     -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
    
  • libapache2-svn
    Version: 1.6.6dfsg-2ubuntu1
    
  • svn --version
    svn, version 1.6.5 (r38866)
       compiled Oct 16 2009, 02:54:10
    
    Copyright (C) 2000-2009 CollabNet.
    Subversion is open source software, see http://subversion.tigris.org/
    This product includes software developed by CollabNet (http://www.Collab.Net/).
    
    The following repository access (RA) modules are available:
    
    * ra_neon : Module for accessing a repository via WebDAV protocol using Neon.
      - handles 'http' scheme
      - handles 'https' scheme
    * ra_svn : Module for accessing a repository using the svn network protocol.
      - handles 'svn' scheme
    * ra_local : Module for accessing a repository on local disk.
      - handles 'file' scheme
    
    • on Mac OS X Server

発生条件

  • 一つ二つのファイルによるsvn commitやsvn deleteなどでは発生しない
  • 大量のファイルをadd,copy,move,removeなどすると起こる
  • SVN/1.6.5 (r38866) neon/0.28.3 on MacOS X以外では発生を確認できず。
    1. SVN/1.6.6 (r40053) neon/0.29.0 on Ubuntu lucid x64
    2. SVN/1.6.13 (r1002816) neon/0.29.4 from CollabNet on Windows 7 x64
    3. SVN/1.6.13 (r1002816)/TortoiseSVN-1.6.11.20210 neon/0.29.4 on Windows 7 x64

Change History (5)

comment:1 Changed 10 years ago by mitty

  • Description modified (diff)

comment:2 Changed 10 years ago by mitty

  • SSL error: parse tlsext
    • That looks like it is only part of the actual error code. I suspect it is because the server doesn't support secure renegotiation. You can check this by doing:
      • openssl s_client -connect xxx.org:443
    • しかし、本件では当てはまらない模様
      • openssl s_client -connect localhost:443
        New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
        Server public key is 1024 bit
        Secure Renegotiation IS supported
        Compression: NONE
        Expansion: NONE
        SSL-Session:
            Protocol  : TLSv1
            Cipher    : DHE-RSA-AES256-SHA
        

comment:3 Changed 10 years ago by mitty

Last edited 10 years ago by mitty (previous) (diff)

comment:4 follow-up: Changed 10 years ago by mitty

  • Owner set to mitty
  • Status changed from new to deploy

comment:5 in reply to: ↑ 4 Changed 10 years ago by mitty

  • Status changed from deploy to reopened

Replying to mitty:

  • subversionのupdateによる解決
  • 依然として「SSL negotiation failed: SSL error: parse tlsext」が起きるので、直っていない
  • svn自体ではなくてopensslのversionを上げる必要がある?
Note: See TracTickets for help on using tickets.