Monday, March 20, 2006|
svn ssl decryption error bug on debian (and fix) This afternoon and evening I spent hours (upon hours) figuring out why I was getting the following error while trying to commit a lot of files
Now my subversion server runs debian ppc (it's a PPC Mac Mini), that I haven't updated to the latest subversion yet (because apt-get, the binary installer for debian, doesn't have the latest subversion for ppc).
So I build subversion 1.3. After 3ish hours of getting configure to work (meaning: piecing together everything configure wants, where it wants, and where I have it on my machine), I built the latest and got it working.
I won't go into the build details, but because subversion needs large and complex pieces of software to build, besides being a large and complex bit of software itself, this was a pain in the rear. Including having to upgrade my apache2 (which was at the most recent version, thank you, but I had to build another because I couldn't do
After all that was over with, I had a working subversion 1.3. Except I still got the same error. So some more intensive googling...
Seems this decryption bug is in the version of OpenSSL that neon 2.4 uses (follow that? good). Subversion 1.2 (or 1.1, whatever I had on my system) must be using this version of neon, so it would throw bugs my way sometimes.
The temporary fix is explained in the debian bug report, and the "answer" is at the bottom. Jim Paris said I found that a workaround is to limit the ciphers on the Apache end. Removing all SSLv3 ciphers except RC4 seems to do the trick. For example, my apache2 configuration now has:
Subversion 1.3 can use neon 1.5, and I suppose I could fix the bug for real by installing the latest OpenSSL (assuming the bug is fixed there), then installing the latest neon, then rebuilding my Subversion 1.3 to make sure I got everything. I really don't feel like doing that, I just wanna be able to commit stuff. Technorati Tags: subversion
|
