You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

The subversion client that comes with the Ubuntu linux distribution has problems connecting to the Rice campus subversion server.

The problem stems from the fact that Ubuntu packages are by default compiled against gnutls instead of openssl. There appears to be a protocol issue with the gnutls package that causes extremely slow server response when connecting to our openssl compiled server.

There are two possible solutions to this issue for users.

Recompile the subversion client

This script may serve as a starting point if you decide to recompile the subversion clients. It works on Ubuntu 9.04.

#!/bin/sh
echo "This script will reconfigure subversion to work with certs correctly."
echo "Steps outlined by dcrooke and compiled into this script by Kalosaurusrex"
echo "Please see the ubuntuforums.org thread for more information, questions or help."
echo "http://ubuntuforums.org/showthread.php?p=6057983"
echo ""
echo ""
echo "Please run this script as USER ONLY."
echo ""
echo "Press control-c to quit..else the script will start in 5 seconds."
sleep 5
sudo apt-get update
sudo apt-get install build-essential openssl ssh expat libexpat1-dev libxyssl-dev libssl-dev
sudo apt-get remove subversion
sudo dpkg --purge subversion
wget http://subversion.tigris.org/downloads/subversion-1.6.12.tar.gz
wget http://subversion.tigris.org/downloads/subversion-deps-1.6.12.tar.gz
tar xvfz subversion-1.6.12.tar.gz
tar xvfz subversion-deps-1.6.12.tar.gz
cd subversion-1.6.12/neon/
./configure --prefix=/usr/local --with-ssl --with-pic
make
sudo make install
cd ..
rm -rf neon
./configure --prefix=/usr/local --with-ssl --with-neon=/usr/local
make
sudo make install
cd ..
rm -rf subversion-1.6.12
rm subversion-1.6.12.tar.gz
rm subversion-deps-1.6.12.tar.gz
exit 0
Unknown macro: {error}

Install the Ubuntu openssl compiled Neon package

Since subversion encapsulates the SSL/encryption routines fully within the Neon package, by replacing this package it is possible trick subversion into using openssl without the need to recompile the subversion client. However, depending on how you implement this solution, you may effect all other Neon compiled packages on the system.

Ubuntu has two versions of Neon available.

  • libneon27 (which uses openssl)
  • libneon27-gnutls (which uses gnutls)

First you need to install the openssl version of Neon, assuming that it doesn't already exist on your system.

sudo apt-get install libneon27

Then you need to set a special environment variable called LD_PRELOAD to point to the openssl compiled version of Neon.

export LD_PRELOAD=/usr/lib/libneon.so.27

Now when you try to execute anything compiled against the Neon library, the openssl version will be used.

Credits

I would like to thank Professor Rixner and his graduate students who were instrumental in the testing of this problem and for coming up with these solutions.

  • No labels