Subversion & Certificate Problems with Ubuntu Precise Pangolin
Wednesday, May 2. 2012
For quite a while the Ubuntu subversion package suffer from bad user certificates that do not follow the standards strictly. In case you have to authenticate with such a certificate subversion will return such an error message:
OPTIONS of '<url>': SSL handshake failed: SSL error: Key usage violation in certificate has been detected. (<url>)
The root of this problem is that the Ubuntu packages link against libneon-gnutls, which handles certificates in a stricter way than libneon. A easy workaround in the past was to simply replace a replace the library link of libneon-gnutls to point to libneon:
sudo mv /usr/lib/libneon-gnutls.so.27 /usr/lib/libneon-gnutls.so.27.old
sudo ln -s /usr/lib/libneon.so.27 /usr/lib/libneon-gnutls.so.27
However once you do this in Ubuntu 12.04 Precise Pangolin you will get a another error message instead:
OPTIONS of <url>': SSL handshake failed: SSL disabled due to library version mismatch (<url>)
After quite some googling it turned out that there is a bug in the version of libneon bundled with Precise that causes this problem. Fortunately this is already fixed with version 0.29.3. To get back to a working subversion perform these steps:
- Uninstall the current libneon package:
sudo apt-get remove libneon27
> - Download the latest libneon package from http://packages.debian.org/squeeze/libneon27 (at the bottom you can choose the right version for your architecture).
- Install the required libssl dependency:
sudo apt-get install libssl0.9.8
- Install the downloaded libneon package. E.g. for the 64Bit architecture:
dpkg -i libneon27_0.29.3-3_amd64.deb
- Change the symbolic links again like described above:
sudo mv /usr/lib/libneon-gnutls.so.27 /usr/lib/libneon-gnutls.so.27.old
sudo ln -s /usr/lib/libneon.so.27 /usr/lib/libneon-gnutls.so.27