Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
layman -a fails with SSL error
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Tue Nov 02, 2010 4:23 pm    Post subject: layman -a fails with SSL error Reply with quote

Tried to add the Pentoo overlay, in vain. Trying to run
Code:
layman -a pentoo

I get
Code:
* Running command "/usr/bin/svn co "https://www.pentoo.ch/svn/portage/trunk//@" "/var/lib/layman/pentoo""...
svn: OPTIONS of 'https://www.pentoo.ch/svn/portage/trunk': SSL handshake failed: SSL error: A TLS warning alert has been received. (https://www.pentoo.ch)
* Deleting _empty_ directory "/var/lib/layman/pentoo"
* Failed to add overlay "pentoo".
* Error was: Adding overlay "pentoo" failed!


Solutions?
_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
Grimmlin
n00b
n00b


Joined: 15 Mar 2005
Posts: 32

PostPosted: Tue Nov 02, 2010 10:13 pm    Post subject: Reply with quote

Hi,

This happened when we upgraded openssl.
Just upgrade yours and follow the revdep-rebuild guidelines.

You can also go with unstable neon 0.29.5, first option is much more clean
_________________
http://www.pentoo.ch
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Tue Nov 02, 2010 10:24 pm    Post subject: Reply with quote

I have already the newest OpenSSL (as I upgrade my server weekly and connecting there works without a problem). Any other problems?
_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
Grimmlin
n00b
n00b


Joined: 15 Mar 2005
Posts: 32

PostPosted: Tue Nov 02, 2010 10:32 pm    Post subject: Reply with quote

Ok, but did you ran revdep-rebuild --library libcrypto.0.9.8.so ?

Also it's a known bug in neon, you can eventually upgrade it to 0.29.5
_________________
http://www.pentoo.ch
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Wed Nov 03, 2010 1:11 pm    Post subject: Reply with quote

Already done but did I again for this problem here:
Code:
# revdep-rebuild --library libcrypto.0.9.8.so
 * Configuring search environment for revdep-rebuild

 * Checking reverse dependencies
 * Packages containing binaries and libraries using libcrypto.0.9.8.so
 * will be emerged.

 * Collecting system binaries and libraries
 * Generated new 1_files.rr
 * Checking dynamic linking
[ 100% ]                 

 * There are no dynamic links to libcrypto.0.9.8.so... All done.

As expected no problems there. Any other ideas? It only doesn't work with the Pentoo server so far hence I'm inclined to believe it could be a configuration issue of some sort but the error is not really telling much.
_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
ssuominen
Developer
Developer


Joined: 30 Sep 2005
Posts: 2107
Location: Finland

PostPosted: Wed Nov 03, 2010 3:07 pm    Post subject: Reply with quote

Dragonlord wrote:
Already done but did I again for this problem here:
Code:
# revdep-rebuild --library libcrypto.0.9.8.so
 * Configuring search environment for revdep-rebuild

 * Checking reverse dependencies
 * Packages containing binaries and libraries using libcrypto.0.9.8.so
 * will be emerged.

 * Collecting system binaries and libraries
 * Generated new 1_files.rr
 * Checking dynamic linking
[ 100% ]                 

 * There are no dynamic links to libcrypto.0.9.8.so... All done.

As expected no problems there. Any other ideas? It only doesn't work with the Pentoo server so far hence I'm inclined to believe it could be a configuration issue of some sort but the error is not really telling much.


libcrypto.0.9.8.so is not the same thing as libcrypto.so.0.9.8, you have typing error there.

# revdep-rebuild --library libcrypto.so.0.9.8
# revdep-rebuild --library libssl.so.0.9.8

( add net-libs/neon to /etc/portage/package.keywords )

# emerge ">=net-libs/neon-0.29.5"
Back to top
View user's profile Send private message
Grimmlin
n00b
n00b


Joined: 15 Mar 2005
Posts: 32

PostPosted: Wed Nov 03, 2010 3:41 pm    Post subject: Reply with quote

You're right, it's libcrypto.so.0.9.8 (mindfail)

Anyway, it's working fine here with subversion-1.6.13 and neon-0.29.3 on openssl-1.0.0a-r3
Even on openssl-0.9.8 it works fine with neon-0.29.5
_________________
http://www.pentoo.ch
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Sat Nov 06, 2010 6:20 pm    Post subject: Reply with quote

Sorry for the delay but scheduled update today got in the way as rev-deprebuild causing OO to be rebuild (urks). Anyways I did all the rebuilds you mentioned. Although a bunch of packages including openssl had been updated the error persists (and it only exists with Pentoo server no other servers I hook up with):
Code:
layman -a pentoo
* Running... # /usr/bin/svn co https://www.pentoo.ch/svn/portage/trunk//@ /var/lib/layman/pentoo
svn: OPTIONS of 'https://www.pentoo.ch/svn/portage/trunk': SSL handshake failed: SSL error: A TLS warning alert has been received. (https://www.pentoo.ch)
* Deleting _empty_ directory "/var/lib/layman/pentoo"
* Failed to add overlay "pentoo".
* Error was: Adding overlay "pentoo" failed!

_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
mv
Advocate
Advocate


Joined: 20 Apr 2005
Posts: 4011

PostPosted: Sat Nov 06, 2010 6:52 pm    Post subject: Reply with quote

After every update of openssl you must update neon and/or serf (depending on what you are using) (probably this was done already) and after this update you must reemerge subversion. The reason is that openssl, neon, and serf have the policy to do ABI changes without changing the version number of the libraries, so that these problems cannot be found be revdep-rebuild.
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Sun Nov 07, 2010 1:29 pm    Post subject: Reply with quote

I did that, but will try it again. Also why should it fail only on "this" server? I have a SSL SVN running myself without any problems. But let's see...
_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Sun Nov 07, 2010 3:10 pm    Post subject: Reply with quote

Did what you said, same problem:
Code:
# layman -a pentoo
* Running... # /usr/bin/svn co https://www.pentoo.ch/svn/portage/trunk//@ /var/lib/layman/pentoo
svn: OPTIONS of 'https://www.pentoo.ch/svn/portage/trunk': SSL handshake failed: SSL error: A TLS warning alert has been received. (https://www.pentoo.ch)
* Deleting _empty_ directory "/var/lib/layman/pentoo"
* Failed to add overlay "pentoo".
* Error was: Adding overlay "pentoo" failed!

_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
mv
Advocate
Advocate


Joined: 20 Apr 2005
Posts: 4011

PostPosted: Sun Nov 07, 2010 3:53 pm    Post subject: Reply with quote

Then perhaps it is a problem of that server. Perhaps on the server openssl was updated without reemerging subversion... :wink:
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Sun Nov 07, 2010 9:30 pm    Post subject: Reply with quote

Is Grimmlin connected to Pentoo or is he just a user?
_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
idella4
Veteran
Veteran


Joined: 09 Jun 2006
Posts: 1587
Location: Australia, Perth

PostPosted: Mon Nov 08, 2010 10:29 am    Post subject: Reply with quote

ssuominen wrote:

# revdep-rebuild --library libcrypto.so.0.9.8
# revdep-rebuild --library libssl.so.0.9.8

( add net-libs/neon to /etc/portage/package.keywords )

# emerge ">=net-libs/neon-0.29.5"


I attempted layman -a pentoo and got your error.
I just followed as above, emerged neon as above and then the pentoo overlay went straight in.

Code:
 
idella@genny /mnt/gentoo $ layman -a pentoo

A    /var/lib/layman/pentoo/app-misc/ovaldi/Manifest
A    /var/lib/layman/pentoo/app-misc/ovaldi/ovaldi-5.8.1-r100.ebuild
A    /var/lib/layman/pentoo/app-misc/ovaldi/ovaldi-5.8.2.ebuild
A    /var/lib/layman/pentoo/eclass
A    /var/lib/layman/pentoo/eclass/mozextension-2.eclass
Checked out revision 1889.
* Successfully added overlay "pentoo".

To clarify, have you done this?
_________________
idella4@aus
Back to top
View user's profile Send private message
mv
Advocate
Advocate


Joined: 20 Apr 2005
Posts: 4011

PostPosted: Mon Nov 08, 2010 10:34 am    Post subject: Reply with quote

Just now I have also run into a problem with subversion after the serf update (I was using webdav-serf): Most things work correctly, but for an external copy operation, I received reproducable (and after reemerging serf and subversion several times with several CFLAGS) an internal error that subversion cannot get the context. (I did not try with the downgraded serf or with neon.) So perhaps, the new version of serf has broken something...
Back to top
View user's profile Send private message
chias
n00b
n00b


Joined: 06 Nov 2009
Posts: 69
Location: everywhere

PostPosted: Fri Nov 12, 2010 2:35 am    Post subject: Reply with quote

I was having the identical problem as OP. However, following the instructions by ssuominen and quoted by idella4 solved the problem. Thank you!
Back to top
View user's profile Send private message
Grimmlin
n00b
n00b


Joined: 15 Mar 2005
Posts: 32

PostPosted: Fri Nov 12, 2010 8:39 am    Post subject: Reply with quote

Dragonlord wrote:
Is Grimmlin connected to Pentoo or is he just a user?


Yes, I'm a pentoo developer.

For the record, this is only happening when having USE="gnutls" set:

Code:

pentoo ~ # USE="gnutls" emerge --quiet '<neon-0.29.5'

>>> Verifying ebuild manifests
>>> Emerging (1 of 1) net-libs/neon-0.29.3
>>> Installing (1 of 1) net-libs/neon-0.29.3

pentoo ~ # svn update /var/svn/pentoo/
svn: OPTIONS of 'https://www.pentoo.ch/svn': SSL handshake failed: SSL error: A TLS warning alert has been received. (https://www.pentoo.ch)
pentoo ~ # USE="-gnutls" emerge --quiet '<neon-0.29.5'

>>> Verifying ebuild manifests
>>> Emerging (1 of 1) net-libs/neon-0.29.3
>>> Installing (1 of 1) net-libs/neon-0.29.3

pentoo ~ # !svn
svn update /var/svn/pentoo/
At revision 1893.
pentoo ~ #


Also going on neon's website http://www.webdav.org/neon/:
Quote:

Changes in release neon 0.29.5, 14 October 2010 (PGP signature)

* Fix GnuTLS handshakes failures with 'TLS warning alert' (Bryan Cain)
* Further fix for SSPI support on Win32 (Danil Shopyrin)

_________________
http://www.pentoo.ch
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Fri Nov 12, 2010 4:56 pm    Post subject: Reply with quote

So what does this mean now? It's not working so something is wrong somewhere and I doubt it's on my end if it works not with one server but others.
_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
Grimmlin
n00b
n00b


Joined: 15 Mar 2005
Posts: 32

PostPosted: Fri Nov 12, 2010 11:04 pm    Post subject: Reply with quote

What aren't you understanding?
/var/svn/pentoo is a checkout from https://www.pentoo.ch/svn/, it's the same server both times.

It's a neon/gnutls bug. Either re-emerge neon without gnutls or upgrade to a fixed version.

Go to their website and read it by yourself if you don't believe me.
_________________
http://www.pentoo.ch
Back to top
View user's profile Send private message
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 347
Location: Switzerland

PostPosted: Sat Nov 13, 2010 1:08 pm    Post subject: Reply with quote

That's not the problem. If I have >1 servers which such an SSL access (including mine at home and the office) and only "one" such server has a problem (with all other servers updated regularly), then to my understanding something is wrong with this "one" server not the "client" trying to connect. I did ALL that has been suggested in and it did NOT change the error. Unless you have another solution for a potential "client side error" I start to doubt a lot it's a client side error. Don't get me wrong, I'm not one looking for the error always in other places but the situation right now does not look to me like this would be the case. I'm also sure I'm not the only one but others might just have given up without voicing their problem. Problems unsolved now for me are future system breakage which is why I tend to solve problems instead of ignoring them otherwise they suddenly come back biting you hard (been there done that, no need for that again).
_________________
Leader and Head Programmer: Epsylon, Drag[en]gine and others
Back to top
View user's profile Send private message
lalebarde
Guru
Guru


Joined: 03 Sep 2006
Posts: 436
Location: France, Haute-Garonne

PostPosted: Thu Jan 17, 2013 9:24 am    Post subject: Reply with quote

Sorry to re-open this old topic, but I have the same problem with more recent versions :

Code:
dev-libs/openssl    Installed versions:  0.9.8x(0.9.8)(19:21:37 16/01/2013)(kerberos sse2 zlib -bindist -gmp -test) 1.0.0j(11:19:20 12/06/2012)(kerberos sse2 test zlib -bindist -gmp -rfc3779 -static-libs)

net-libs/neon    Installed versions:  0.29.6-r2^t(10:57:54 17/01/2013)(kerberos linguas_fr nls ssl zlib -doc -expat -gnutls -libproxy -linguas_cs -linguas_de -linguas_ja -linguas_nn -linguas_pl -linguas_ru -linguas_tr -linguas_zh_CN -pkcs11 -static-libs)

net-libs/serf    Installed versions:  1.1.1(1)(10:57:43 17/01/2013)(-static-libs)

dev-vcs/subversion    Installed versions:  1.7.7(11:01:41 17/01/2013)(apache2 berkdb dso nls webdav-neon -ctypes-python -debug -doc -elibc_FreeBSD -extras -gnome-keyring -java -kde -perl -python -ruby -sasl -vim-syntax -webdav-serf)


I updated/re-emerged in the order specified in this thread. Still :

Code:
# layman -a pentoo
* Running... # /usr/bin/svn co https://www.pentoo.ch/svn/portage/trunk//@ /usr/local/portage/layman/pentoo
svn: E175002: Unable to connect to a repository at URL 'https://www.pentoo.ch/svn/portage/trunk'
svn: E175002: The OPTIONS request returned invalid XML in the response: XML parse error at line 1: Extra content at the end of the document
 (https://www.pentoo.ch/svn/portage/trunk)
* Deleting _empty_ directory "/usr/local/portage/layman/pentoo"
* Failed to add overlay "pentoo".
* Error was: Adding overlay "pentoo" failed!


I also updated

Code:
dev-libs/cyrus-sasl    Installed versions:  2.1.25-r3(2)(11:28:38 17/01/2013)(berkdb gdbm kerberos mysql pam ssl -authdaemond -elibc_FreeBSD -java -ldapdb -openldap -postgres -sample -sqlite -srp -static-libs -urandom)

with no more success.

Any idea please ?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum