194241 – [PATCH] net/svnup can not connect to freebsd svn repos "SSL_connect error:1"

Bug 194241 - [PATCH] net/svnup can not connect to freebsd svn repos "SSL_connect error:1"

Summary: [PATCH] net/svnup can not connect to freebsd svn repos "SSL_connect error:1"

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Bryan Drewery

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-10-08 13:13 UTC by Bernard Spil
Modified:	2015-03-06 09:37 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	brnrd: maintainer-feedback? (jcm)

Attachments
Patch to enable TLSv1 (544 bytes, patch) 2014-10-08 13:13 UTC, Bernard Spil	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernard Spil freebsd_committer

2014-10-08 13:13:29 UTC

Created attachment 148094 [details]
Patch to enable TLSv1

When I run svnup it returns a large amount of 
SSL_connect error:1
lines.

There seems to have been a change in the svnup servers that no longer allow it to negotiate SSLv3 connections.
$ openssl s_client -connect svn0.eu.freebsd.org:443 -ssl3
CONNECTED(00000003)
34379134632:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1260:SSL alert number 40
34379134632:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:596:

Negotiating a TLSv1(.1/.2) connection is fine.

The SSL connection is established with 
   connection->ctx = SSL_CTX_new(SSLv23_client_method()); 
which will be broken for people using security/libressl
then the code disables TLSv1 breaking the ssl session setup.
   SSL_CTX_set_options(connection->ctx, SSL_OP_ALL | SSL_OP_NO_TICKET | SSL_OP_NO_TLSv1);

When I remove "| SSL_OP_NO_TLSv1" it compiles and runs fine.

Comment 1 Bugzilla Automation freebsd_committer

2014-10-08 13:13:29 UTC

Maintainer CC'd

Comment 2 jcm 2014-10-12 23:36:03 UTC

Hello,

The patch has been merged (Thanks!)  I still have some work to do for bug #193837 and I'm hoping to have 1.07 pushed out later this week.

Comment 3 Bernard Spil freebsd_committer

2014-10-13 07:00:25 UTC

You may wish to expedite this patch with the oncoming release of FreeBSD 10.1 as I expect many people will wish to update their source tree at that time!

Thanks,

Bernard.

Comment 4 Bryan Drewery freebsd_committer

2014-10-15 15:37:07 UTC

I will test/commit this as it is hurting users currently.

Comment 5 Bryan Drewery freebsd_committer

2014-10-15 15:45:18 UTC

Fix committed

Comment 6 commit-hook freebsd_committer

2014-10-15 15:45:34 UTC

A commit references this bug:

Author: bdrewery
Date: Wed Oct 15 15:44:42 UTC 2014
New revision: 370930
URL: https://svnweb.freebsd.org/changeset/ports/370930

Log:
  - Allow svnup to work with TLS; SSLv3 is being disabled due to POODLE.

  PR:		194241
  Submitted by:	spil.oss@gmail.com
  Obtained from:	Merged in upstream
  MFH:		2014Q4

Changes:
  head/net/svnup/Makefile
  head/net/svnup/files/
  head/net/svnup/files/patch-svnup.c

Comment 7 commit-hook freebsd_committer

2014-10-15 15:45:36 UTC

A commit references this bug:

Author: bdrewery
Date: Wed Oct 15 15:45:07 UTC 2014
New revision: 370931
URL: https://svnweb.freebsd.org/changeset/ports/370931

Log:
  MFH: r370930

  - Allow svnup to work with TLS; SSLv3 is being disabled due to POODLE.

  PR:		194241
  Submitted by:	spil.oss@gmail.com
  Obtained from:	Merged in upstream

Changes:
_U  branches/2014Q4/
  branches/2014Q4/net/svnup/Makefile
  branches/2014Q4/net/svnup/files/