Bug#327269: apache2 security update breaks ssl+svn
Package: apache2 Version: 2.0.54-5 Severity: critical After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken: subversion client (e.g. checkout): svn: PROPFIND request failed on '/svn/test' svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3 alert unexpected message (https://www.opensc.org) apache error log: [Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not accepted by client!? downgrade to 2.0.54-4 and everything is fine again. debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386, apache2 on 80 and 443, ssl with self signed certificate, accepting a list of self signed certificates, svn repository needs those for write access only. more configuration and any detail you need available on request. Regards, Andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327269: apache2 security update breaks ssl+svn
Hi Adam, > Could you try, for curiosity's sake, setting "SSLVerifyClient none" in > the main VirtualHost, and keeping the rest the same, and seeing if that > makes a difference for you at all? Done, no change at all. Thanks for looking into this issue. Regards, Andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327269: apache2 security update breaks ssl+svn
On Friday 09 September 2005 10:58, R. Mattes wrote: > After reading the initial bug report I checked with my upgraded SVN > servers (no client certs involved). "Fresh" checkouts seem to work > flawless but checkouts from user accounts that had allready checked > out from the server hang. Doing a 'svn co --no-auth-cache' from these > accounts seems to have fixed the problem (i.e. afterwards checkouts > work even without the '--no-auth-cache' option). Maybe there's a problem > with SVNs cert cache? I had tried something similar: I had deleted the .subversion/auth/ directory, but it didn't help. I can try that option tomorrow, but I guess it won't help either. Regards, Andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327269: still problems
btw, I tried --no-auth-cache and it does not help at all. any other idea? Andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327269: still problems
On Sunday 25 September 2005 15:26, Adam Conrad wrote: > Can you test the packages at > http://people.debian.org/~adconrad/apache2-security/ for me? > > They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't > be positive if they'll fix YOUR bug without testing. Hi Adam, thanks for your work, those packages work fine, bug fixed. Andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
