Hi All,
We observe one strange error since exhibited in combination with
SVN(with bulk import having more than 20k files).
Original posting is at
http://subversion.tigris.org/ds/viewMessage.do?dsMessageId=2379671&dsForumId=462
The problem exists even in httpd-2.2.13 and httpd-2.2.14.
We get errors like the following
svn: PUT of
'/svn/svntest/!svn/wrk/fca6bd35-b260-7942-8f52-bcf3dcdfd734/abc/trunk/publish/q/xyz.gz':
SSL negotiation failed: SSL error:
parse tlsext (https://hostname <https://cu097.cubit.maa.collab.net>)
It happens only with windows client, server can be linux or win32.
I could manage to get the stack trace of apache child(in apache-2.2.13)
when this error occurs.
**
<stack trace of apache 2.2.13 when we get this tlsext parse error>
#0 ssl_filter_io_shutdown (filter_ctx=0xa07b910, c=0xa07b350, abortive=1)
at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:976
#1 0x0038d5eb in ssl_io_filter_connect (filter_ctx=0xa07b910)
at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:1146
#2 0x0038dc1d in ssl_io_filter_input (f=0xa08c898, bb=0xa0d2ac8,
mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0)
at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:1336
#3 0x08086af9 in ap_get_brigade (next=0xa08c898, bb=0xa0d2ac8,
mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0)
at /home/kamesh/Download/httpd-2.2.13/server/util_filter.c:489
#4 0x0806b274 in ap_rgetline_core (s=0xa0d1c78, n=8192, read=0xbf837c14,
r=0xa0d1c60, fold=0, bb=0xa0d2ac8)
at /home/kamesh/Download/httpd-2.2.13/server/protocol.c:231
#5 0x0806b943 in read_request_line (r=0xa0d1c60, bb=0xa0d2ac8) at
/home/kamesh/Download/httpd-2.2.13/server/protocol.c:596
#6 0x0806c299 in ap_read_request (conn=0xa07b350) at
/home/kamesh/Download/httpd-2.2.13/server/protocol.c:891
#7 0x0808726e in ap_process_http_connection (c=0xa07b350)
at /home/kamesh/Download/httpd-2.2.13/modules/http/http_core.c:183
#8 0x08082c73 in ap_run_process_connection (c=0xa07b350) at
/home/kamesh/Download/httpd-2.2.13/server/connection.c:43
#9 0x08083053 in ap_process_connection (c=0xa07b350, csd=0xa07b1b8)
at /home/kamesh/Download/httpd-2.2.13/server/connection.c:178
#10 0x080901df in child_main (child_num_arg=0) at
/home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:662
#11 0x080903ca in make_child (s=0x9f70fa0, slot=0) at
/home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:758
#12 0x08090424 in startup_children (number_to_start=1)
at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:776
#13 0x080908c8 in ap_mpm_run (_pconf=0x9f6f0a8, plog=0x9f9d160, s=0x9f70fa0)
at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:997
#14 0x08064bb8 in main (argc=3, argv=0xbf837fe4) at
/home/kamesh/Download/httpd-2.2.13/server/main.c:740
</snip>
**
<snip from error log while this error happened last week>
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5
bytes from BIO#8494dd0 [mem: 835bb00] (BIO dump follows)
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1791):
+-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1830): | 0000: 15 03 01 00
02 ..... |
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1836):
+-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 2/2
bytes from BIO#8494dd0 [mem: 835bb05] (BIO dump follows)
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1791):
+-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1830): | 0000: 02 32
.2 |
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1836):
+-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_kernel.c(1888): OpenSSL: Read:
SSLv3 read client certificate A
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_kernel.c(1907): OpenSSL: Exit:
failed in SSLv3 read client certificate A
[Sat Oct 10 20:41:18 2009] [info] [client IP] SSL library error 1 in handshake
(server hostname:443)
[Sat Oct 10 20:41:18 2009] [info] SSL Library Error: 336151578
error:1409441A:SSL routines:SSL3_READ_BYTES:tlsv1 alert decode error
[Sat Oct 10 20:41:18 2009] [info] [client IP] Connection closed to child 5 with
abortive shutdown (server hostname:443)
</snip>
I could not isolate this issue to openssl versions as it happens with
openssl-0.9.8k, openssl-0.9.8g, openssl-0.9.8-b
When I built the server against openssl-1.0.0-beta3, I could *not*
access svn at all using svn client while I could access the same via
browser.
Any clues?
With regards
Kamesh Jayachandran
