Bug 140676

Summary:	emerge net-misc/neon with 'gnutls ' flag - SVN don't fetch external self-signed certificates
Product:	Gentoo Linux	Reporter:	Hueseyin Koese <coosee>
Component:	[OLD] Library	Assignee:	Paul de Vrieze (RETIRED) <pauldv>
Status:	RESOLVED CANTFIX
Severity:	normal	CC:	sascha-gentoo-bugzilla
Priority:	High
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Hueseyin Koese 2006-07-16 11:00:18 UTC

hallo,

try to update kaffeine from SVN:

svn co svn://anonsvn.kde.org/home/kde/trunk/extragear/multimedia
U    multimedia/amarok/HACKING
D    multimedia/amarok/src/scripts/score2rating/TODO
U    multimedia/amarok/src/scripts/score2rating/score2rating.rb
U    multimedia/amarok/src/scripts/score2rating/README
U    multimedia/amarok/src/amarokcore/amarokdcophandler.cpp
U    multimedia/amarok/src/mediadevice/daap/amarok_daap-mediadevice.desktop
 U   multimedia/amarok

Hole externen Verweis nach 'multimedia/admin'

svn: PROPFIND Anfrage fehlgeschlagen auf '/home/kde/branches/KDE/3.5/kde-common/admin'
svn: PROPFIND von '/home/kde/branches/KDE/3.5/kde-common/admin': SSL negotiation failed: SSL alert received: Handshake failed (https://svn.kde.org)

---

svn: PROPFIND request failed on '/home/kde/branches/KDE/3.5/kde-common/admin'
svn: PROPFIND from '/home/kde/branches/KDE/3.5/kde-common/admin': SSL negotiation failed: SSL alert received: Handshake failed (https://svn.kde.org)

---

don't know why it's worked before!

---

neon-0.26.1
subversion-1.3.2-r1
openssl-0.9.8b

---

emerge --info

Portage 2.1.1_pre3 (default-linux/x86/2006.0, gcc-4.1.1/vanilla, glibc-2.4-r3, 2.6.17-no4-1 i686)
=================================================================
System uname: 2.6.17-no4-1 i686 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.12.1
ccache version 2.4 [enabled]
app-admin/eselect-compiler: 2.0.0_rc2-r1
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r2
dev-util/confcache:  0.4.2-r1
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.93, 2.17, 2.17.50.0.2
sys-devel/gcc-config: 2.0.0_rc1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r5
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon64 -pipe -fomit-frame-pointer -ftracer -fweb -frename-registers -freorder-blocks-and-partition"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/eselect/compiler /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=athlon64 -pipe -fomit-frame-pointer -ftracer -fweb -frename-registers -freorder-blocks-and-partition -fvisibility-inlines-hidden"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache confcache distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,-Bdirect -Wl,-hashvals -Wl,-zdynsort"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/local/overlays/emission /usr/local/overlays/xgl-coffee"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 / 3dnow 3dnowext 7zip X X509 Xaw3d a52 aac aalib accessibility acl acpi adns afs akode alsa amr ao aotuv apm ares arts artswrappersuid artworkextra asf asterisk async audiofile authdaemond avahi avi bash-completion bashlogger bcp bdf beagle berkdb bidi bindist bitmap-fonts bjam bl bluetooth bogofilter bonjour bookmarks branding bzip2 cairo caps cdda cddb cdparanoia cdr cgi chipcard chroot cli cpudetection crypt cscope css cups curl cursors custom-cflags daap dbus dga dio directfb djbfft djvu dlloader dmi dri dtaus dts dv dvb dvd dvdr dvdread dvi dynagraph dynamic edl eds elf emboss encode esd esx examples exif exo expat extensions fam fame fbcon fbsplash ffmpeg firefox flac flash fltk foomaticdb fortify fortran fpx gcj gdbm gdm geldkarte ggi gif glibc-omitfp glitz glut gmp gnokii gnome gnutls gpg2-experimental gphoto2 gpm graphviz gs gsl gstreamer gtk gtk2 gtkhtml guile hal hbci hpn httpd icons id3 idea idn ieee1394 ifc imagemagick imap imlib insecure-savers ipv6 irda irmc isdnlog jack java jbig jce jikes joystick jpeg jpeg2k justify kde kdehiddenvisibility kdgraphics kdm kerberos kig-scripting kipi ladcca lame lcms ldap ldapsam lesstif libcaca libclamav libedit libg++ libsamplerate libwww lirc live lm_sensors logitech-mouse logrotate lpr lua lzo mad mailwrapper matroska mbox mbrola md5sum mdnsresponder-compat mfd-rewrites mikmod mime ming mjpeg mmap mmx mmxext mng mod modplug mono motif mozcalendar mozsha1 mozsvg mp3 mp4 mp4live mpeg mpeg2 mplayer msdfs msn multicall musepack musicbrainz nagios-dns nagios-game nagios-ntp nagios-ping nagios-ssh nautilus ncurses neXt netboot netjack network new-login nfs nis nls nntp nptl nptlonly nsplugin numeric nvidia nvtv oav objc objc++ odbc offensive ofx ogg oggvorbis ole openal openexr opengl openntpd optimisememory osc oscar oss pam pam_chroot pam_console pam_timestamp panel-plugin pango parse-clocks pcre pda pdf pdflib perl perlsuid pertty pg-intdatetime physfs player pmu png portaudio postgres povray ppds pppd pwdb pyste python qt qt3 qt4 quicktime quinnstorm quotas radius rar rdesktop readline real recode reflection rle rrdcgi rtc rtsp ruby samba sample sasl scanner screen sdl seamonkey sensord serial server session sftplogging shorten shout sid skey skins slang slp smartcard smime sms smux sndfile snmp socks5 sox speex spell spl sqlite srp sse sse2 sse3 ssl staircase startup-notification stream subtitles svg svga swat sysfs syslog t1lib tcltk tcpd tetex theora threads thumbnail thunar-vfs tidy tiff timidity toolbar tools truetype truetype-fonts type1-fonts ucs2 udev unicode ups urandom usb userlocales v4l v4l2 vcd vdr videos vim-pager vim-with-x visualization vlm vorbis vorbis-psy webdav widescreen wifi win32codecs winbind wma wmf wxwindows x264 xanim xcomposite xface xine xinerama xinetd xml xml2 xmldoclet xmms xorg xosd xpm xprint xrandr xscreensaver xslt xv xvid xvmc yellownet yv12 zip zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev input_devices_joystick kernel_linux linguas_de userland_GNU video_cards_nvidia video_cards_nv video_cards_fbdev video_cards_vesa video_cards_vmware"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_RSYNC_EXTRA_OPTS

CooSee ' Ya

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2006-07-16 11:04:17 UTC

This isn't a security bug; the KDE SVN server seems to be misconfigured and we can't do anything about that.

Comment 2 Hueseyin Koese 2006-07-19 17:47:23 UTC

(In reply to comment #1)
> This isn't a security bug; the KDE SVN server seems to be misconfigured and we
> can't do anything about that.
> 

hallo,

i solve it !

emerge net-misc/neon without the ' gnutls ' flag and now svn checkout ask me
to validate !

svn co svn://anonsvn.kde.org/home/kde/trunk/extragear/multimedia

Hole externen Verweis nach 'multimedia/admin'
Fehler bei der Validierung des Serverzertifikats f

Comment 3 Hueseyin Koese 2006-07-19 17:47:23 UTC

(In reply to comment #1)
> This isn't a security bug; the KDE SVN server seems to be misconfigured and we
> can't do anything about that.
> 

hallo,

i solve it !

emerge net-misc/neon without the ' gnutls ' flag and now svn checkout ask me
to validate !

svn co svn://anonsvn.kde.org/home/kde/trunk/extragear/multimedia

Hole externen Verweis nach 'multimedia/admin'
Fehler bei der Validierung des Serverzertifikats für 'https://svn.kde.org:443':
- Das Zertifikat ist nicht von einer vertrauenswürdigen Instanz ausgestellt
Überprüfen Sie den Fingerabduck, um das Zertifikat zu validieren!
Zertifikats-Informationen:
- Hostname: svn.kde.org
- Gültig: von Wed, 11 May 2005 10:08:21 GMT bis Sat, 09 May 2015 10:08:21 GMT
- Aussteller: SVN, KDE e.V., Nuernberg, Bavaria, DE
- Fingerabdruck: e1:e6:41:96:3c:eb:ae:78:e2:73:0d:a2:32:2f:6b:21:13:bf:3d:0f
Ve(r)werfen, (t)emporär akzeptieren oder (p)ermanent akzeptieren? p
A multimedia/admin/config.pl
A multimedia/admin/Doxyfile.am
A multimedia/admin/mkinstalldirs
A multimedia/admin/Doxyfile.global
A multimedia/admin/conf.change.pl
A multimedia/admin/doxygen.sh
A multimedia/admin/depcomp
A multimedia/admin/deps.am
A multimedia/admin/compile
A multimedia/admin/libtool.m4.in
A multimedia/admin/bcheck.pl
A multimedia/admin/config.guess
A multimedia/admin/debianrules
A multimedia/admin/config.sub
A multimedia/admin/ltmain.sh
A multimedia/admin/detect-autoconf.pl
A multimedia/admin/am_edit
A multimedia/admin/cvs.sh
A multimedia/admin/Makefile.common
A multimedia/admin/pkg.m4.in
A multimedia/admin/oldinclude.m4.in
A multimedia/admin/configure.in.min
A multimedia/admin/nmcheck
A multimedia/admin/missing
A multimedia/admin/acinclude.m4.in
A multimedia/admin/configure.in.bot.end
A multimedia/admin/install-sh
A multimedia/admin/ylwrap
U multimedia/admin
Externer Verweis ausgecheckt, Revision 564369.

Ausgecheckt, Revision 564367.

---

i will write a bug report about ' net-misc/neon '

CooSee ' Ya

Comment 4 Jakub Moc (RETIRED) gentoo-dev

2006-07-19 23:30:26 UTC

*** Bug 141104 has been marked as a duplicate of this bug. ***

Comment 5 Jakub Moc (RETIRED) gentoo-dev

2006-07-19 23:32:22 UTC

Reopen and re-assign.

Comment 6 Paul de Vrieze (RETIRED) gentoo-dev

2006-07-20 04:33:12 UTC

It is probably a missing feature in subversion. The only thing I can do at this point is to have the subversion ebuild bail out if neon was build with the wrong ssl library.