Subject: SSL connection to svn failing after migration
When trying to run svn up I get the following error:
$ svn up svn: OPTIONS of 'https://gladhandle.svn.beanstalkapp.com/gladhandle/trunk':
SSL negotiation failed: Secure connection truncated (https://gladhandle.svn.beanstalkapp.com)
Comments are currently closed for this discussion. You can start a new one.
Support Staff 2 Posted by Ilya Sabanin on 31 Aug, 2009 05:13 PM
Hey,
We are working on this issue at the moment. I will post an update to you in a few minutes.
Sorry for the inconvenience.
3 Posted by ryan on 31 Aug, 2009 05:23 PM
Excellent. Thank you for the timely response!
4 Posted by andy on 31 Aug, 2009 05:56 PM
I'm also seeing this
svn up
svn: OPTIONS of 'https://myaccount.svn.beanstalkapp.com/myproject/trunk': SSL negotiation failed: Secure connection truncated (https://myaccount.svn.beanstalkapp.com)
Support Staff 5 Posted by Ilya Sabanin on 31 Aug, 2009 06:01 PM
Guys,
Can you try removing all mentions about beanstalk from your "~/.ssh/known_hosts" files?
6 Posted by andy on 31 Aug, 2009 06:27 PM
Cleared ~/.ssh/known_hosts and I get the same message. There isn't any reloading to be done, correct?
Support Staff 7 Posted by Chris Nagele on 31 Aug, 2009 06:31 PM
A small group of people have this issue, but we can't seem to figure out why. Since we have a few people on this cases, let's figure out the similarities.
Thanks,
Chris
8 Posted by ryan on 31 Aug, 2009 06:32 PM
I've never used ssh to connect to beanstalk and there are no references to beanstalk in that file. I've only ever used the https method to talk to svn at beanstalk.
9 Posted by ryan on 31 Aug, 2009 06:33 PM
$ svn --version
svn, version 1.6.4 (r38063)
compiled Aug 7 2009, 03:42:39
Copyright (C) 2000-2009 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).
The following repository access (RA) modules are available:
* ra_neon : Module for accessing a repository via WebDAV protocol using Neon.
- handles 'http' scheme
- handles 'https' scheme
* ra_svn : Module for accessing a repository using the svn network protocol.
- with Cyrus SASL authentication
- handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
- handles 'file' scheme
$ cat /etc/fedora-release
Fedora release 11 (Leonidas)
$ uname -srvpio
Linux 2.6.29.6-217.2.16.fc11.x86_64 #1 SMP Mon Aug 24 17:17:40 EDT 2009 x86_64 x86_64 GNU/Linux
10 Posted by andy on 31 Aug, 2009 06:43 PM
Ubuntu 9.04
head /proc/version
Linux version 2.6.28-15-generic (buildd@palmer) (gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4) ) #49-Ubuntu SMP Tue Aug 18 18:40:08 UTC 2009
svn, version 1.5.4 (r33841)
compiled Aug 7 2009, 01:44:11 The following repository access (RA) modules are available:
Support Staff 11 Posted by Chris Nagele on 31 Aug, 2009 06:56 PM
I see two similarities:
This helps a lot. We'll keep looking and talk to Rackspace, since our certificates are on the load balancer.
Chris
12 Posted by john on 31 Aug, 2009 08:39 PM
I have also tried this on Debian 5 and got the same problem.
I never get the prompt to accept the certificate being served by beanstalk.
It works fine for me on OS X 10.5 and Ubuntu 8.04 regardless of svn client.
13 Posted by alexis on 31 Aug, 2009 08:59 PM
Maybe the issue come from libneon: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507374
or libssl 0.9.8: http://subversion.tigris.org/faq.html#ssl-negotiation-error
14 Posted by john on 31 Aug, 2009 09:09 PM
I've tried with the serf backed but get the same result. Any idea how to prove it's using serf, with a verbose option or something like that?
Support Staff 15 Posted by Chris Nagele on 31 Aug, 2009 09:11 PM
We decrypt the ssl on the load balancer, so we are trying to figure out if there is an issue there with certain openssl versions. What OpenSSL versions is everyone using?
Thanks for the help debugging.
Chris
16 Posted by john on 31 Aug, 2009 09:13 PM
I've tried with 0.9.8g and 0.9.8k.
17 Posted by alexis on 31 Aug, 2009 09:14 PM
libssl 0.9.8 too.
18 Posted by ryan on 31 Aug, 2009 09:24 PM
0.9.8k (0.9.8k-5.fc11.i686) here.
19 Posted by alexis on 31 Aug, 2009 09:33 PM
I compiled Subversion against serf and it worked for me. I use libssl 0.9.8 and libserf instead of libneon.
$ /usr/local/bin/svn --version svn, version 1.6.5 (r38866)
compiled Aug 31 2009, 23:25:51
Copyright (C) 2000-2009 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).
The following repository access (RA) modules are available:
Support Staff 20 Posted by Chris Nagele on 31 Aug, 2009 09:36 PM
It's nice when customers are also developers :) I will pass this along to Rackspace.
Chris
21 Posted by alexis on 31 Aug, 2009 09:46 PM
If it may help some one (Ubuntu Jaunty):
Prerequisite
sudo apt-get install libssl-dev
Install Serf
wget http://serf.googlecode.com/files/serf-0.3.0.tar.bz2
tar xfj serf-0.3.0.tar.bz2
cd serf-0.3.0
./configure --with-openssl=/usr/include/openssl/ make
sudo make install
Install Subversion with Serf
wget http://subversion.tigris.org/downloads/subversion-1.6.5.tar.gz
tar xfz subversion-1.6.5.tar.gz
cd subversion-1.6.5
./configure --with-ssl --with-serf=/usr/local/serf/ make
sudo make install
Check
/usr/local/bin/svn --version
Support Staff 22 Posted by Chris Nagele on 31 Aug, 2009 10:02 PM
We're going to make a change on the Load Balancer. Can someone help us test after that is done?
23 Posted by john on 31 Aug, 2009 10:06 PM
Yeah let me know when to try.
24 Posted by alexis on 31 Aug, 2009 10:06 PM
No problem.
2009/9/1 Chris Nagele <no-reply@tenderapp.com>
25 Posted by john on 31 Aug, 2009 10:07 PM
Thanks for that alexis, it seems the jaunty svn does not have serf
built by default alright, that's why my changes didn't work I presume.
26 Posted by ryan on 31 Aug, 2009 10:14 PM
Standing by as well.
27 Posted by jessestay on 01 Sep, 2009 02:43 AM
I'm stuck until this is resolved. Happy to help in any way.
Support Staff 28 Posted by Chris Nagele on 01 Sep, 2009 02:56 AM
Just want you to know we are still working on it. I'm really sorry for such a long delay.
Chris
29 Posted by Dave B on 01 Sep, 2009 09:19 AM
I'm getting the same message on my setup: Ubuntu 9.04 with svn, version 1.5.4 (r33841).
Happy to test/provide more info if you need it.
30 Posted by mpi on 01 Sep, 2009 09:21 AM
I get this one as well:
command:
svn up
error:
svn: OPTIONS of 'https://qc.svn.beanstalkapp.com/quantumconnect/c++': SSL negotiation failed: Secure connection truncated (https://qc.svn.beanstalkapp.com)
system:
Ubuntu 9.04
svn version:
svn, version 1.5.4 (r33841)
compiled Aug 7 2009, 01:44:11
Copyright (C) 2000-2008 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).
The following repository access (RA) modules are available:
Support Staff 31 Posted by Ilya Sabanin on 01 Sep, 2009 09:25 AM
Hey,
Just wanted to let you know that we are still waiting for a response from Rackspace regarding our balancer's SSL settings.