10,290 views

svn on Fedora 15 with client certificates “Safe renegotiation failed” problem

When I changed my svn repositories to use client certificate authentication and authorisation the svn client on my Fedora 15 box did not work any more.

This was for the command line svn client as well for the gui client RapidSVN which I use.

The error I got was “Safe renegotiation failed“. Id did not get this error on my Fedora 14 box. This error is part of a flaw found in the TLS protocol, discovered somewhere in 2009, which now has been fixed in most software.

After some digging around it appeared that on Fedora 15 the svn client uses libneon which in turn uses gnutls for it’s tls sessions. The versions for libneon and gnutls are different between Fedora 15 and 14 so the problem is somewhere there.

I know, from another project, that libneon can be compiled again gnutls but also against openssl. So the first thing I tried was to recompile libneon but now against openssl.

$> su -
#> yum -y install openssl-devel
#> wget http://www.webdav.org/neon/neon-0.29.6.tar.gz
#> tar -zxvpf neon-0.29.6.tar.gz
#> cd neon-0.29.6
(Next is for an 64-bit system. Remove the --libdir part on 32-bit systems)
#> ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl=openssl --with-gnu-
ld --enable-shared=yes
#> make
#> make install

After this I retried the svn client and it worked as I expected it. Even RapidSVN did work. It probably uses the commandline svn client.

So problem solved.

This entry was posted in Fedora 15, openssl, svn and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.