Re: [PATCH] Was: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

On 2018-08-03 12:46, Daniel Shahaf wrote: Folker Schamel wrote on Thu, 02 Aug 2018 15:34 +0200: On 2018-08-01 19:19, Daniel Shahaf wrote: Folker Schamel wrote on Wed, 01 Aug 2018 17:51 +0200: Hi Julian, Draft which may save you some time: First patch against trunk: [[[ *

Re: [PATCH] Was: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Folker Schamel wrote on Thu, 02 Aug 2018 15:34 +0200: > On 2018-08-01 19:19, Daniel Shahaf wrote: > > Folker Schamel wrote on Wed, 01 Aug 2018 17:51 +0200: > >> Hi Julian, > >> > >> Draft which may save you some time: > >> > >> First patch against trunk: > >> [[[ > >> * site/staging/faq.html: > >>

Re: [PATCH] Was: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Folker Schamel wrote: > Daniel Shahaf wrote: >> Folker Schamel wrote: >>> * site/staging/faq.html: >>>Add entry for "An error occurred during SSL communication" error. >>> * site/staging/docs/release-notes/1.10.html: >>>Add entry for an OpenSSL upgrade causing "An error occurred during

Re: [PATCH] Was: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

On 2018-08-01 19:19, Daniel Shahaf wrote: Folker Schamel wrote on Wed, 01 Aug 2018 17:51 +0200: Hi Julian, Draft which may save you some time: First patch against trunk: [[[ * site/staging/faq.html: Add entry for "An error occurred during SSL communication" error. ]]] Second patch

Re: [PATCH] Was: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Folker Schamel wrote on Wed, 01 Aug 2018 17:51 +0200: > Hi Julian, > > Draft which may save you some time: > > First patch against trunk: > [[[ > * site/staging/faq.html: >Add entry for "An error occurred during SSL communication" error. > ]]] > > Second patch against trunk: > [[[ > *

[PATCH] Was: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Hi Julian, Draft which may save you some time: First patch against trunk: [[[ * site/staging/faq.html: Add entry for "An error occurred during SSL communication" error. ]]] Second patch against trunk: [[[ * site/staging/docs/release-notes/1.10.html: Add entry for an OpenSSL upgrade causing

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Folker Schamel wrote: > Hi Stefan, >> That's the catch here. Subversion does not ship with OpenSSL by >> itself. From Subversion's point of view this is a 3rd-party >> dependency. [...] It could be something worthwhile adding to the FAQ >> however, though then in a more general manner like:

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Hi Stefan, That's the catch here. Subversion does not ship with OpenSSL by itself. From Subversion's point of view this is a 3rd-party dependency. You can easily build Subversion 1.9.x/1.10.x with OpenSSL 1.0.x. Whether or not you run into this issue therefore is outside the scope of

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

On 8/1/2018 9:25 AM, Folker Schamel wrote: On 2018-07-31 21:09, Philip Martin wrote: Daniel Shahaf writes: Subversion uses Serf, which uses OpenSSL, which talks to an SSL implementation on the server. The root cause of the error is known to the SSL implementation on the server (that's why

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

On 2018-07-31 21:09, Philip Martin wrote: Daniel Shahaf writes: Subversion uses Serf, which uses OpenSSL, which talks to an SSL implementation on the server. The root cause of the error is known to the SSL implementation on the server (that's why you see it in the error log). It's not

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Daniel Shahaf writes: > Subversion uses Serf, which uses OpenSSL, which talks to an SSL implementation > on the server. The root cause of the error is known to the SSL implementation > on the server (that's why you see it in the error log). It's not obvious that > OpenSSL on the client side

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Folker Schamel wrote on Tue, Jul 31, 2018 at 17:42:10 +0200: > On 2018-07-31 17:04, Philip Martin wrote: > > Folker Schamel writes: > > > For the broken setup, the client reports: > > > svn: E120171: Error running context: An error occurred during SSL > > > communication > > > And the server

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Hi Philip, this solved it! Using "openssl s_client" as you described it reported: error setting certificate 140258270184704:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:303: So we created new certificates with sha256 (default in openssl 1.1) instead of

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Folker Schamel writes: > After upgrading, Subversion SSL connections with "SSLVerifyClient > require" seem to be broken. > > Broken: SVN Client 1.9.5, Serf 1.3.9-3, Server "SSLVerifyClient require" > Works:  SVN Client 1.9.5, Serf 1.3.9-3, Server "SSLVerifyClient off" > Works:  SVN Client 1.9.5,

Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

Hello everyone, After upgrading, Subversion SSL connections with "SSLVerifyClient require" seem to be broken. Broken: SVN Client 1.9.5, Serf 1.3.9-3, Server "SSLVerifyClient require" Works:  SVN Client 1.9.5, Serf 1.3.9-3, Server "SSLVerifyClient off" Works:  SVN Client 1.9.5, Serf 1.3.8-1,