#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords: svn, openssl
---------------------------+--------------------------
Dear SAC,
since today I am unable to update GRASS SVN repo:
{{{
Updating '.':
svn: E170013: Unable to connect to a repository at URL
'https://svn.osgeo.org/grass/grass/trunk’
svn: E120171: Error running context: An error occurred during SSL
communication
}}}
Could be related to recent changes in Debian regarding OpenSSL (1). Is
there anything related to OSGeo server or just my issue? Thanks for
clarification. Martin
(1) https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by neteler):
Your assumption could be right:
https://www.ssllabs.com/ssltest/analyze.html?d=svn.osgeo.org&latest
--> " The server supports only older protocols, but not the current best
TLS 1.2. Grade capped to C.
[...]
* TLS 1.3 No
* TLS 1.2 No
* TLS 1.1 No
* TLS 1.0 Yes"
An upgrade of the server configuration would be a good idea.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Changes (by martinl):
* priority: normal => critical
Comment:
Replying to [comment:1 neteler]:
> An upgrade of the server configuration would be a good idea.
So I am taking liberty to increase priority. For now I will try to
downgrade openssl package on my PC.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:2>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by strk):
It looks like it'd take manually compiling libssl and mod_ssl.
Or upgrade to a still supported Debian version (even backports repository
has been obsoleted)
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by strk):
Or switch to https://mod.gnutls.org/ ...
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:4>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by strk):
It looks like The version of gnutls on that server already supports TLS1.2
$ gnutls-cli -l | grep TLS1.2
Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2
And the apache module is available, so could be a viable path to switch to
that.
Only it might taking tweaking some apache configurations (/etc/apache is
under a local git repository though, which should help)
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:5>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by strk):
For the record: Ubuntu 17.04 does not ship mod_ssl anymore, but it does
ship mod_gnutls.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by mlennert):
Just a ping, confirming the same issue for me. And yes, this happens after
the Debian OpenSSL upgrade.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:7>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by jef):
quick workaround:
{{{
apt-get build-dep openssl
apt-get source openssl
cd openssl-1.1.0f
sed -i -e "s/disable-tls1 disable-tls1_1/# &/" debian/rules
DEB_BUILD_OPTIONS="nocheck parallel" dpkg-buildpackage -us -uc -b
sudo dpkg -i ../libssl1.1_1.1.0f-4_amd64.deb
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:8>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by strk):
For those like me who receive comments by mail: the suggested workaround
is for clients, not server (post-submit edit of trac comments are not
notified by mail, the info was added later)
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:9>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by mlennert):
Thanks for the workaround. Are there any plans of upgrading the server so
it supports 1.2+ ?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:10>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by martinl):
Any chance to get svn server fixed to support 1.2+?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:11>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by strk):
I don't have time to work on it, but if anyone else does
I suggest to look at GNU-lts module (is avalable as packaged
for the version of OS on that system).
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:12>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by rduivenvoorde):
During OSGeo-NL GRASS-intro, we were hit with this one too 
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:13>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Changes (by strk):
* priority: critical => blocker
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:14>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by goatbar):
Sigh. Hit the same on a debian testing based distro.
{{{
svn --version
svn, version 1.9.7 (r1800392)
compiled Aug 17 2017, 02:50:12 on x86_64-pc-linux-gnu
svn co https://svn.osgeo.org/gdal/trunk/gdal
svn: E170013: Unable to connect to a repository at URL
'https://svn.osgeo.org/gdal/trunk/gdal’
svn: E120171: Error running context: An error occurred during SSL
communication
apt-cache show subversion
Depends: libsvn1 (= 1.9.7-2), libapr1 (>= 1.5.0), libaprutil1 (>=
1.3.2+dfsg), libc6 (>= 2.4), libldap-2.4-2 (>= 2.4.7), libsasl2-2
apt-cache show openssl | egrep 'Version'
Version: 1.1.0f-4
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:15>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by robe):
I have run into similar issues when using Caddy (for proxying). This just
highlights the fact we are desperately in need of upgrading the trac
server. The OS is just too old. It's running Debian 6 which at this point
is ancient.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:16>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by martin):
In order to resolve this issue I'm planning to upgrade the TracSVN VM this
Friday (2018-02-16) to a more recent version of Debian Linux. Outages will
occur at some point in the process, reboot will be synced with OSL staff.
Currently the following VM's still run an outdated distro, some of which
I'd prepare to upgrade as well:
secure / projects / web / download / tracsvn / wiki
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:17>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by strk):
Great news, thank you !
Please make sure to update the VM information on the wiki
at the end of the upgrade process.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:18>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1981: E120171: Error running context: An error occurred during SSL communication
---------------------------+--------------------
Reporter: martinl | Owner: sac@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: Systems Admin | Resolution:
Keywords: svn, openssl |
---------------------------+--------------------
Comment (by martin):
Upgrade to Debian7 on TracSVN VM is almost complete, please report
features which might have gone lost.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1981#comment:19>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.