Welcome, Guest
Username: Password: Remember me

Reply Topic: svn connection problem

Name
Subject
Boardcode
Message
Enlarge /  Shrink
Attachments
Enter code here

Topic History of: svn connection problem

Max. showing the last 6 posts - (Last post first)
4 months 1 week ago #2328

Laura Rontu

Laura Rontu's Avatar

Thank you, works!
4 months 2 weeks ago #2327

Martynas Kazlauskas

Martynas Kazlauskas's Avatar

Hi,

After having a look one for one more time:

After installing debian testing, you can copy /etc/ssl/openss.conf
to your users working directory.

and change

[system_default_sect]
-MinProtocol = TLSv1.2
-CipherString = DEFAULT@SECLEVEL=2
+MinProtocol = TLSv1.1
+CipherString = DEFAULT@SECLEVEL=1

After that, export the env variable OPENSSL_CONF that points to your 'new' file e.g.

"export OPENSSL_CONF=/home/vagrant/openssl.cnf".

You can also add it to your bash environment via .bashrc

SVN should be working now from your user to hirlam.org. The setting can also be changed system wide, but as long as you can override it manually i do not recommend it.

If the default ssl file is used again (the one in /etc/ssl/openssl.conf), you should see the error again, like:

svn: E170013: Unable to connect to a repository at URL 'svn.hirlam.org/branches/harmonie-43rb'
svn: E120171: Error running context: An error occurred during SSL communication


Regards,
Martynas
4 months 2 weeks ago #2326

Laura Rontu

Laura Rontu's Avatar

Just to report that the svn connection still does not work from the up-to date debian workstations, as described during the last half a year above. git works normally as it did, but the problems related to the git ssh server seem to remain (those which prevented creation of a fork). Working from ecgate, not from the updated debian systems, still remain the only solution for me.

www.ssllabs.com/ssltest/analyze.html : Analysing svn.hirlam.org leads to a certificate error. Analysing the hirlam.org in general could give some perhaps useful information for people responsible for hirlam.org , for me it is difficult to understand if something should be updated at the server side.
6 months 1 week ago #2307

Laura Rontu

Laura Rontu's Avatar

Thank you, so waiting for openssl updates in debian, no problem. Would the command 'openssl ciphers -V' tell something useful about ciphers?
6 months 1 week ago #2302

Martynas Kazlauskas

Martynas Kazlauskas's Avatar

Hi,

I was able to reproduce your exact problem with the current debian-testing (buster) only.

However, I cannot indicate that any (openssl library, subversion client or the serf library) version or the combination of those (if being built from straight source in other linux systems) would give the same error (e.g. replacing default openssl with v 1.1.1+ compiled with libserf1.3.9 and svn client 1.10.4 simply works).

Might indicate something in the way the current openssl (at least I would suspect that, because neither svn or serf seem to replicate the problem if build on other systems in various combinations) was packaged in the current buster release, and it might be that it simply has one of the chipers disabled.

Perhaps it's best to wait for and update if that system is not of a strategical value and something you can live with. Otherwise you would need to recompile svn from source (and that includes replacing the openssl and other stuff, really not worth the time)

As for the server part, I just noticed that it also gives a warning about the https certificate that *might* be avoided, but I don't think this is related to this issue.
7 months 4 days ago #2286

Laura Rontu

Laura Rontu's Avatar

Does not work :

rontu@iguana:~$ dpkg -l | grep libssl
ii libssl1.0.2:amd64 1.0.2q-2 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.1:amd64 1.1.1a-1 amd64 Secure Sockets Layer toolkit - shared libraries
rontu@iguana:~$ dpkg -l | grep serf
ii libserf-1-1:amd64 1.3.9-7+b10 amd64 high-performance asynchronous HTTP client library
ii serf 0.8.1+git20180508.80ab4877~ds-1+b1 amd64 Service orchestration and management tool

Works:

libssl1.0.0:amd64 1.0.1t-1+deb8u10
libserf-1-1:amd64 1.3.8-1
Time to create page: 0.079 seconds