Opened 14 years ago
Last modified 14 years ago
#16 reopened defect
svn commit with HTTPSでエラーが起こる
Reported by: | mitty | Owned by: | mitty |
---|---|---|---|
Priority: | blocker | Component: | configuration |
Keywords: | Cc: |
Description (last modified by mitty)
error message
- svn --no-auth-cache --username mitty ci -m " * mod"
(snip) Sending trunk/ywqR5wC5KT Sending trunk/yxFQsEQHJU svn: Commit failed (details follow): svn: CHECKOUT of '/svn/failtest/!svn/ver/2/trunk/yxFQsEQHJU': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
- svn --no-auth-cache --username mitty ci -m " * remove"
(snip) Deleting trunk/u1fyI4QKQe Deleting trunk/uqzHb0GBV2 svn: Commit failed (details follow): svn: DELETE of '/svn/failtest/!svn/wrk/518a050a-6d10-49ab-9c84-9990aa5a6b33/trunk/uqzHb0GBV2': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
- svn --no-auth-cache --username mitty ci -m " * remove"
(snip) Adding branches/GDIovcGJtI Adding branches/I6yZir39ZN svn: Commit failed (details follow): svn: PROPFIND of '/svn/failtest/trunk/I6yZir39ZN': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
- svn --no-auth-cache --username mitty ci -m " * remove"
(snip) Adding branches/zEyZMfQaE4 Adding branches/zYpc5NR3SF Transmitting file data .......svn: Commit failed (details follow): svn: PUT of '/svn/failtest/!svn/wrk/d4ef143f-d21a-49bf-821a-0aaae744ec83/branches/u10DxQri4u': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
- svn --no-auth-cache --username mitty up
(snip) A branches/b5oW4cSz2H A branches/kJFJTQ7ABX svn: PROPFIND of '/svn/failtest/trunk/JMHgjHhETC': SSL negotiation failed: SSL error: parse tlsext (https://lab.mitty.jp)
apache2 access log
- /var/log/apache2/*_20101021_log
130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/trunk/b5oW4cSz2H HTTP/1.1" 207 452 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/vcc/default HTTP/1.1" 207 148 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/b5oW4cSz2H HTTP/1.1" 207 436 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "GET /svn/failtest/!svn/bc/4/trunk/b5oW4cSz2H HTTP/1.1" 200 244 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/b5oW4cSz2H HTTP/1.1" 207 804 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/trunk/kJFJTQ7ABX HTTP/1.1" 207 500 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/vcc/default HTTP/1.1" 207 148 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/kJFJTQ7ABX HTTP/1.1" 207 452 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "GET /svn/failtest/!svn/bc/4/trunk/kJFJTQ7ABX HTTP/1.1" 200 244 "-" "SVN/1.6.5 (r38866) neon/0.28.3" 130.158.XXX.YYY - - [21/Oct/2010:15:00:56 +0900] "PROPFIND /svn/failtest/!svn/bc/4/trunk/kJFJTQ7ABX HTTP/1.1" 207 836 "-" "SVN/1.6.5 (r38866) neon/0.28.3"
- error logには出力はない
test environment
- apache2 -V
Server version: Apache/2.2.14 (Ubuntu) Server built: Sep 28 2010 12:54:21 Server's Module Magic Number: 20051115:23 Server loaded: APR 1.3.8, APR-Util 1.3.9 Compiled using: APR 1.3.8, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Worker threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/worker" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="" -D SUEXEC_BIN="/usr/lib/apache2/suexec" -D DEFAULT_PIDLOG="/var/run/apache2.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
- libapache2-svn
Version: 1.6.6dfsg-2ubuntu1
- svn --version
svn, version 1.6.5 (r38866) compiled Oct 16 2009, 02:54:10 Copyright (C) 2000-2009 CollabNet. Subversion is open source software, see http://subversion.tigris.org/ This product includes software developed by CollabNet (http://www.Collab.Net/). The following repository access (RA) modules are available: * ra_neon : Module for accessing a repository via WebDAV protocol using Neon. - handles 'http' scheme - handles 'https' scheme * ra_svn : Module for accessing a repository using the svn network protocol. - handles 'svn' scheme * ra_local : Module for accessing a repository on local disk. - handles 'file' scheme
- on Mac OS X Server
- テストファイルの生成にはmakerandom.plを使用
発生条件
- 一つ二つのファイルによるsvn commitやsvn deleteなどでは発生しない
- 大量のファイルをadd,copy,move,removeなどすると起こる
- SVN/1.6.5 (r38866) neon/0.28.3 on MacOS X以外では発生を確認できず。
- SVN/1.6.6 (r40053) neon/0.29.0 on Ubuntu lucid x64
- SVN/1.6.13 (r1002816) neon/0.29.4 from CollabNet on Windows 7 x64
- SVN/1.6.13 (r1002816)/TortoiseSVN-1.6.11.20210 neon/0.29.4 on Windows 7 x64
Change History (5)
comment:1 Changed 14 years ago by mitty
- Description modified (diff)
comment:2 Changed 14 years ago by mitty
- SSL error: parse tlsext
- That looks like it is only part of the actual error code. I suspect it is because the server doesn't support secure renegotiation. You can check this by doing:
- openssl s_client -connect xxx.org:443
- しかし、本件では当てはまらない模様
- openssl s_client -connect localhost:443
- That looks like it is only part of the actual error code. I suspect it is because the server doesn't support secure renegotiation. You can check this by doing:
comment:3 Changed 14 years ago by mitty
- "SSL error parse tlsext" on large commit to SVN via Apache, Gentoo - Server Fault
- It is suggested that downgrading to 2.2.11 may fix it, as well as setting SSLProtocol -ALL +SSLv2 +SSLv3 in your Apache config.
- After reading the http-dev thread about this issue, archived at http://www.gossamer-threads.com/lists/apache/dev/375633 , it seems this issue is caused by a bug in the client-side OpenSSL library in regards to how SSL Tickets / IDs are handled, which explains why the error does not occur immediately, but takes a few seconds to minutes.
comment:4 follow-up: ↓ 5 Changed 14 years ago by mitty
- Owner set to mitty
- Status changed from new to deploy
- subversionのupdateによる解決
comment:5 in reply to: ↑ 4 Changed 14 years ago by mitty
- Status changed from deploy to reopened
Replying to mitty:
- subversionのupdateによる解決
- 依然として「SSL negotiation failed: SSL error: parse tlsext」が起きるので、直っていない
- svn自体ではなくてopensslのversionを上げる必要がある?
Note: See
TracTickets for help on using
tickets.