Package: libserf-1-1 Version: 1.3.9-1 Severity: normal Hi serf team!
I have a small issue. It looks like that the serf lib is the reason, why subversion does not work anymore while accessing HTTPS repositories. I am using - the current debian testing (buster) amd64 - subversion 1.9.7-2 (r1800392) with libserf 1.3.9-3 (no self compiled packages, only distribution packages) and - beanstalkapp as a repository provider I cant access (update/checkout/list/whatever) my subversion repository anymore. Everytime i call a subversion command i get following error message: > svn: E170013: Unable to connect to a repository at URL 'https://u...@company.svn.beanstalkapp.com/REPOSITORY/trunk' > svn: E120171: Error running context: An error occurred during SSL communication If i replace the package libserf-1.3.9-3 by libserf-1.3.9-1 (and nothing else) everything works fine. I dont get any errors anymore. Also curl works fine. Maybe there is a bug in the current libserf 1.3.9-3 version? Thanks in advance! Falko Matthies -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libserf-1-1 depends on: ii libapr1 1.6.2-1 ii libaprutil1 1.6.0-2 ii libc6 2.24-17 ii libgssapi-krb5-2 1.15.1-2 ii libssl1.0.0 1.0.1t-1+deb8u5 ii zlib1g 1:1.2.8.dfsg-5 libserf-1-1 recommends no packages. libserf-1-1 suggests no packages. -- no debconf information
$ svn --version svn, version 1.9.7 (r1800392) compiled Aug 17 2017, 02:50:12 on x86_64-pc-linux-gnu Copyright (C) 2017 The Apache Software Foundation. This software consists of contributions made by many people; see the NOTICE file for more information. Subversion is open source software, see http://subversion.apache.org/ The following repository access (RA) modules are available: * ra_svn : Module for accessing a repository using the svn network protocol. - with Cyrus SASL authentication - handles 'svn' scheme * ra_local : Module for accessing a repository on local disk. - handles 'file' scheme * ra_serf : Module for accessing a repository via WebDAV protocol using serf. - using serf 1.3.9 (compiled with 1.3.9) - handles 'http' scheme - handles 'https' scheme The following authentication credential caches are available: * Plaintext cache in /home/falko/.subversion * Gnome Keyring * GPG-Agent * KWallet (KDE)
$ curl -v https://COMPANY.svn.beanstalkapp.com/REPOSITORY/trunk % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 50.31.156.74... * TCP_NODELAY set * Connected to COMPANY.svn.beanstalkapp.com (50.31.156.74) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.0 (IN), TLS handshake, Server hello (2): { [81 bytes data] * TLSv1.0 (IN), TLS handshake, Certificate (11): { [2607 bytes data] * TLSv1.0 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.0 (OUT), TLS handshake, Client key exchange (16): } [262 bytes data] * TLSv1.0 (OUT), TLS change cipher, Client hello (1): } [1 bytes data] * TLSv1.0 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.0 (IN), TLS change cipher, Client hello (1): { [1 bytes data] * TLSv1.0 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.0 / AES256-SHA * ALPN, server did not agree to a protocol * Server certificate: * subject: C=US; ST=Pennsylvania; L=Philadelphia; O=Wildbit LLC; CN=*.svn.beanstalkapp.com * start date: Apr 28 00:00:00 2015 GMT * expire date: May 22 12:00:00 2018 GMT * subjectAltName: host "COMPANY.svn.beanstalkapp.com" matched cert's "*.svn.beanstalkapp.com" * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA * SSL certificate verify ok. } [5 bytes data] > GET /REPOSITORY/trunk HTTP/1.1 > Host: COMPANY.svn.beanstalkapp.com > User-Agent: curl/7.55.1 > Accept: */* > { [5 bytes data] < HTTP/1.1 401 Authorization Required < Date: Wed, 11 Oct 2017 07:44:02 GMT < Server: Apache/2 < X-Content-Type-Options: nosniff < X-Frame-Options: SAMEORIGIN < X-XSS-Protection: 1; mode=block < Strict-Transport-Security: max-age=31536000; includeSubDomains < WWW-Authenticate: Basic realm="SVN" < Content-Length: 401 < Content-Type: text/html; charset=iso-8859-1 < { [5 bytes data] 100 401 100 401 0 0 401 0 0:00:01 --:--:-- 0:00:01 663 * Connection #0 to host COMPANY.svn.beanstalkapp.com left intact <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html>
$ svn --version svn, version 1.9.7 (r1800392) compiled Aug 17 2017, 02:50:12 on x86_64-pc-linux-gnu Copyright (C) 2017 The Apache Software Foundation. This software consists of contributions made by many people; see the NOTICE file for more information. Subversion is open source software, see http://subversion.apache.org/ The following repository access (RA) modules are available: * ra_svn : Module for accessing a repository using the svn network protocol. - with Cyrus SASL authentication - handles 'svn' scheme * ra_local : Module for accessing a repository on local disk. - handles 'file' scheme * ra_serf : Module for accessing a repository via WebDAV protocol using serf. - using serf 1.3.9 (compiled with 1.3.9) - handles 'http' scheme - handles 'https' scheme The following authentication credential caches are available: * Plaintext cache in /home/falko/.subversion * Gnome Keyring * GPG-Agent * KWallet (KDE)
