error occurred during SSL communication (with client certs)

Mirko Melis Sat, 30 Sep 2023 17:54:21 -0700

Hello,

I am experiencing issues when trying to use a subversion client = 1.14.2 
(libserf 1.3.10) against an svn server running


Debian bookworm
apache 2.4.57
subversion 1.14.2
openssl 3.0.9

with ssl client auth.

I have now spent about some days searching through old ssl client auth
errors in the openssl issues, subversion maillinglist

Whenever I use the subversion clients I receive the following error on the 
client side

        svn: E170013: Unable to connect to a repository at URL 
'https://studio.ovunque-si.it/svn/ovunque/php/decana-ig/trunk' 
(https://studio.ovunque-si.it/svn/ovunque/php/decana-ig/trunk')
svn: E120171: Errore durante l'esecuzione del contesto: An error occurred 
during SSL communication

after I have recompiled libserf with VERBOSE actived I have this log:
2134:mirko@idea ~/codici/siti/decana $ svn update
Updating '.':
[2023-10-01T02:44:14.120744+02] outgoing.c: created connection 0x46b7b028
[2023-10-01T02:44:14.438549+02] buckets/ssl_buckets.c: ssl_encrypt: begin 8000
[2023-10-01T02:44:14.438606+02] buckets/ssl_buckets.c: ssl_encrypt: bucket read 
538 bytes; status 0
[2023-10-01T02:44:14.438616+02] buckets/ssl_buckets.c: ---
OPTIONS /svn/ovunque/php/decana-ig/trunk HTTP/1.1
Host: studio.ovunque-si.it
User-Agent: SVN/1.14.2 (x86_64-pc-linux-gnu) serf/1.3.10
Content-Type: text/xml
Connection: keep-alive
Accept-Encoding: gzip
DAV: http://subversion.tigris.org/xmlns/dav/svn/depth 
(http://subversion.tigris.org/xmlns/dav/svn/depth)
DAV: http://subversion.tigris.org/xmlns/dav/svn/mergeinfo 
(http://subversion.tigris.org/xmlns/dav/svn/mergeinfo)
DAV: http://subversion.tigris.org/xmlns/dav/svn/log-revprops 
(http://subversion.tigris.org/xmlns/dav/svn/log-revprops)
Content-Length: 131

<?xml version="1.0" encoding="utf-8"?><D:options 
xmlns:D="DAV:"><D:activity-collection-set></D:activity-collection-set></D:options>
-(538)-
[2023-10-01T02:44:14.438731+02] buckets/ssl_buckets.c: SSL_connect:before SSL 
initialization
[2023-10-01T02:44:14.439067+02] buckets/ssl_buckets.c: bio_bucket_write called 
for 517 bytes
[2023-10-01T02:44:14.439097+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
write client hello
[2023-10-01T02:44:14.439110+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.439122+02] buckets/ssl_buckets.c: bio_bucket_read received 
0 bytes (70014)
[2023-10-01T02:44:14.439139+02] buckets/ssl_buckets.c: SSL_connect:error in 
SSLv3/TLS write client hello
[2023-10-01T02:44:14.439150+02] buckets/ssl_buckets.c: ssl_encrypt: SSL write: 
-1
[2023-10-01T02:44:14.439169+02] buckets/ssl_buckets.c: ssl_encrypt: SSL write 
error: 2
[2023-10-01T02:44:14.439181+02] buckets/ssl_buckets.c: ssl_encrypt: SSL write 
error: 120103 0
[2023-10-01T02:44:14.439191+02] buckets/ssl_buckets.c: ssl_encrypt read agg: 
120103 70014 0 517
[2023-10-01T02:44:14.439206+02] buckets/ssl_buckets.c: ssl_encrypt finished: 
120103 517 (8 1 9)
[2023-10-01T02:44:14.446893+02] buckets/ssl_buckets.c: ssl_decrypt: begin 8000
[2023-10-01T02:44:14.446934+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.446944+02] buckets/ssl_buckets.c: bio_bucket_read waiting: 
(8 1 9)
[2023-10-01T02:44:14.446956+02] buckets/ssl_buckets.c: bio_bucket_read received 
0 bytes (70014)
[2023-10-01T02:44:14.446967+02] buckets/ssl_buckets.c: SSL_connect:error in 
SSLv3/TLS write client hello
[2023-10-01T02:44:14.446995+02] buckets/ssl_buckets.c: ssl_decrypt: read 3278 
bytes (8000); status: 0
[2023-10-01T02:44:14.447025+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.447038+02] buckets/ssl_buckets.c: bio_bucket_read waiting: 
(8 1 9)
[2023-10-01T02:44:14.447051+02] buckets/ssl_buckets.c: bio_bucket_read received 
5 bytes (0)
[2023-10-01T02:44:14.447065+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 122 bytes
[2023-10-01T02:44:14.447075+02] buckets/ssl_buckets.c: bio_bucket_read received 
122 bytes (0)
[2023-10-01T02:44:14.447089+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
write client hello
[2023-10-01T02:44:14.447638+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.447655+02] buckets/ssl_buckets.c: bio_bucket_read received 
5 bytes (0)
[2023-10-01T02:44:14.447669+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 1 bytes
[2023-10-01T02:44:14.447681+02] buckets/ssl_buckets.c: bio_bucket_read received 
1 bytes (0)
[2023-10-01T02:44:14.447694+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.447707+02] buckets/ssl_buckets.c: bio_bucket_read received 
5 bytes (0)
[2023-10-01T02:44:14.447717+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 27 bytes
[2023-10-01T02:44:14.447730+02] buckets/ssl_buckets.c: bio_bucket_read received 
27 bytes (0)
[2023-10-01T02:44:14.447752+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
read server hello
[2023-10-01T02:44:14.447772+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.447785+02] buckets/ssl_buckets.c: bio_bucket_read received 
5 bytes (0)
[2023-10-01T02:44:14.447796+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 260 bytes
[2023-10-01T02:44:14.447808+02] buckets/ssl_buckets.c: bio_bucket_read received 
260 bytes (0)
[2023-10-01T02:44:14.447826+02] buckets/ssl_buckets.c: SSL_connect:TLSv1.3 read 
encrypted extensions
[2023-10-01T02:44:14.447921+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.447933+02] buckets/ssl_buckets.c: bio_bucket_read received 
5 bytes (0)
[2023-10-01T02:44:14.447948+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 2483 bytes
[2023-10-01T02:44:14.447961+02] buckets/ssl_buckets.c: bio_bucket_read received 
2483 bytes (0)
[2023-10-01T02:44:14.447985+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
read server certificate request
[2023-10-01T02:44:14.449945+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.449968+02] buckets/ssl_buckets.c: bio_bucket_read received 
5 bytes (0)
[2023-10-01T02:44:14.449981+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 281 bytes
[2023-10-01T02:44:14.449994+02] buckets/ssl_buckets.c: bio_bucket_read received 
281 bytes (0)
[2023-10-01T02:44:14.450016+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
read server certificate
[2023-10-01T02:44:14.504824+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.504847+02] buckets/ssl_buckets.c: bio_bucket_read received 
5 bytes (0)
[2023-10-01T02:44:14.504856+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 69 bytes
[2023-10-01T02:44:14.504864+02] buckets/ssl_buckets.c: bio_bucket_read received 
69 bytes (70014)
[2023-10-01T02:44:14.504885+02] buckets/ssl_buckets.c: SSL_connect:TLSv1.3 read 
server certificate verify
[2023-10-01T02:44:14.505019+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
read finished
[2023-10-01T02:44:14.505041+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
write change cipher spec
[2023-10-01T02:44:14.505111+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
write client certificate
[2023-10-01T02:44:14.505142+02] buckets/ssl_buckets.c: bio_bucket_write called 
for 110 bytes
[2023-10-01T02:44:14.505152+02] buckets/ssl_buckets.c: bio_bucket_write 
waiting: (0 0 0)
[2023-10-01T02:44:14.505211+02] buckets/ssl_buckets.c: SSL_connect:SSLv3/TLS 
write finished
[2023-10-01T02:44:14.505231+02] buckets/ssl_buckets.c: bio_bucket_read called 
for 5 bytes
[2023-10-01T02:44:14.505244+02] buckets/ssl_buckets.c: bio_bucket_read received 
0 bytes (70014)
[2023-10-01T02:44:14.505259+02] buckets/ssl_buckets.c: ssl_decrypt: 120171 0 9
[2023-10-01T02:44:14.506678+02] outgoing.c: reset connection 0x46b7b028
[2023-10-01T02:44:14.506700+02] outgoing.c: cleaning up connection 0x46b7b028
[2023-10-01T02:44:14.506712+02] outgoing.c: closed connection 0x46b7b028
svn: E170013: Unable to connect to a repository at URL 
'https://studio.ovunque-si.it/svn/ovunque/php/decana-ig/trunk' 
(https://studio.ovunque-si.it/svn/ovunque/php/decana-ig/trunk')
svn: E120171: Errore durante l'esecuzione del contesto: An error occurred 
during SSL communication
2135:mirko@idea ~/codici/siti/decana $

on server side I receive this error:

        [Sun Oct 01 02:44:14.505491 2023] [ssl:trace4] [pid 2940614] 
ssl_engine_io.c(2411): [client 192.168.160.13:57474] OpenSSL: I/O error, 5 
bytes expected to read on BIO#564742779c20 [mem: 564742795d43]
[Sun Oct 01 02:44:14.505577 2023] [ssl:trace4] [pid 2940614] 
ssl_engine_io.c(2401): [client 192.168.160.13:57474] OpenSSL: write 24/24 bytes 
to BIO#56474277b340 [mem: 56474279d970] (BIO dump follows)
[Sun Oct 01 02:44:14.505588 2023] [ssl:trace7] [pid 2940614] 
ssl_engine_io.c(2331): [client 192.168.160.13:57474] 
+-------------------------------------------------------------------------+
[Sun Oct 01 02:44:14.505599 2023] [ssl:trace7] [pid 2940614] 
ssl_engine_io.c(2368): [client 192.168.160.13:57474] | 0000: 17 03 03 00 13 c8 
42 8e-25 51 2e b7 f5 33 b8 49 ......B.%Q...3.I |
[Sun Oct 01 02:44:14.505608 2023] [ssl:trace7] [pid 2940614] 
ssl_engine_io.c(2368): [client 192.168.160.13:57474] | 0010: d2 6d 73 85 03 1e 
82 c2- .ms..... |
[Sun Oct 01 02:44:14.505614 2023] [ssl:trace7] [pid 2940614] 
ssl_engine_io.c(2373): [client 192.168.160.13:57474] 
+-------------------------------------------------------------------------+
[Sun Oct 01 02:44:14.505733 2023] [ssl:info] [pid 2940614] [client 
192.168.160.13:57474] AH01998: Connection closed to child 1 with abortive 
shutdown (server studio.ovunque-si.it:443)

If I comment this directives on apache configuraton all works:
SSLVerifyClient require
SSLRequire %{SSL_CLIENT_S_DN_O} in {"***********"}

Can someone help me?
thanks in advance,
Mirko

error occurred during SSL communication (with client certs)

Reply via email to