You are not logged in.

#1 2013-11-05 10:05:08

ebal
Member
From: Athens, Greece
Registered: 2009-05-26
Posts: 224
Website

[SOLVED] mercurial and ssl problems

Upgraded to mercurial 2.8.1 and i am getting this error:

abort: error: _ssl.c:504: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

downgraded to 2.7.2-1 and everything is ok.

Tested on two different machines, checked openssl and every ssl library, checked by hand my ssl cert.

I pinpoint it to mercurial after cross checking the pacman.log

I am not 100% sure that this is a bug on building process or on upstream.

Did a quick search on forum & bugs but didnt find "exactly" the same, so i am posting this here.

Hope with this post to help others.

Last edited by ebal (2014-05-11 20:07:04)


https://balaskas.gr
Linux System Engineer - Registered Linux User #420129

Offline

#2 2013-11-05 16:27:26

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] mercurial and ssl problems

Works fine here. What else was in your upgrade?


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2013-11-06 05:52:33

ebal
Member
From: Athens, Greece
Registered: 2009-05-26
Posts: 224
Website

Re: [SOLVED] mercurial and ssl problems

a lot of staff, here is the list:

http://pastebin.com/f4yFsuuu

but after downgraded to mercurial 2.7.2 everything works fine again. Almost exactly the same packages on the second machine. I tried to downgrade python2-pyopenssl but got the same error with mercurial 2.8.1 so i upgraded python2-pyopenssl and downgrade mercurial.

The certificate i use is singed by cacert and the above error was on both machines on pull/push or even clone a new one.


https://balaskas.gr
Linux System Engineer - Registered Linux User #420129

Offline

#4 2013-11-06 06:03:20

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] mercurial and ssl problems

Run a stack trace to see if you can get any more information...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2013-11-06 07:56:44

ebal
Member
From: Athens, Greece
Registered: 2009-05-26
Posts: 224
Website

Re: [SOLVED] mercurial and ssl problems

Here are my notes on the first PC (work PC)

http://ebalaskas.gr/img/mercurial_2.8.1_error.txt

be aware that this PC is behind a proxy and my hosts is created after winhelp2002.mvps.org/hosts.htm


https://balaskas.gr
Linux System Engineer - Registered Linux User #420129

Offline

#6 2013-11-06 14:26:45

haraldkl
Member
Registered: 2013-11-06
Posts: 13

Re: [SOLVED] mercurial and ssl problems

I got exactly the same problem after upgrading mercurial today.

[2013-11-06 12:18] [PACMAN] upgraded mercurial (2.7.2-1 -> 2.8-1)

Offline

#7 2013-12-09 19:06:17

ebal
Member
From: Athens, Greece
Registered: 2009-05-26
Posts: 224
Website

Re: [SOLVED] mercurial and ssl problems

Do i need to open a bug report - or in the end is just me ?


https://balaskas.gr
Linux System Engineer - Registered Linux User #420129

Offline

#8 2013-12-11 16:04:10

haraldkl
Member
Registered: 2013-11-06
Posts: 13

Re: [SOLVED] mercurial and ssl problems

It seems, that the problem disappeared now for me after upgrading to 2.8.1.

Offline

#9 2014-05-11 20:06:46

ebal
Member
From: Athens, Greece
Registered: 2009-05-26
Posts: 224
Website

Re: [SOLVED] mercurial and ssl problems

Today i have studied the problem more carefully and found the problem.

The problem is on SSL Handshake and specifically on the SSLProtocol that my server provide against the client openssl !

a simple "SSLProtocol All -SSLv2" on the (apache) server side fixed the issue.

So this wasnt in any case a mercurial or an archlinux problem.

Sorry


https://balaskas.gr
Linux System Engineer - Registered Linux User #420129

Offline

#10 2014-05-11 20:37:47

haraldkl
Member
Registered: 2013-11-06
Posts: 13

Re: [SOLVED] mercurial and ssl problems

ebal wrote:

So this wasnt in any case a mercurial or an archlinux problem.

In fact it was a Mercurial problem and described here: http://bz.selenic.com/show_bug.cgi?id=4038. The problem was, that there was an Mercurial release which did not accept TLS connections anymore, but only SSLv3. However, this supposedly was solved by http://selenic.com/repo/hg/rev/47ff9d1abfa9

Offline

Board footer

Powered by FluxBB