From nobody@FreeBSD.org  Sun Feb 17 18:56:51 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
	by hub.freebsd.org (Postfix) with ESMTP id DE4D665D
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 17 Feb 2013 18:56:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id B49E82F1
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 17 Feb 2013 18:56:51 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id r1HIupE6065442
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 17 Feb 2013 18:56:51 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id r1HIupq1065441;
	Sun, 17 Feb 2013 18:56:51 GMT
	(envelope-from nobody)
Message-Id: <201302171856.r1HIupq1065441@red.freebsd.org>
Date: Sun, 17 Feb 2013 18:56:51 GMT
From: Shane Ambler <FreeBSD@Shaneware.biz>
To: freebsd-gnats-submit@FreeBSD.org
Subject: The ASM option for openssl port causes svn over https to fail
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         176214
>Category:       ports
>Synopsis:       The ASM option for security/openssl causes svn over https to fail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 17 19:00:00 UTC 2013
>Closed-Date:    Tue Feb 19 07:37:21 CET 2013
>Last-Modified:  Tue Feb 19 07:37:21 CET 2013
>Originator:     Shane Ambler
>Release:        9.1-RELEASE
>Organization:
>Environment:
FreeBSD leader.local 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r246600: Sun Feb 10 16:13:27 CST 2013     shane@leader.local:/usr/obj/usr/src/sys/dtracekern  amd64

>Description:
After upgrading to 9.1 I found that accessing a subversion repo over https failed. After some experimentation I found the cause was the ASM option in the openssl port. Turning the ASM option off and rebuilding enables svn over https and turning it on again causes it to fail.

With the MAINTAINER_DEBUG enabled in devel/subversion I get the following output -

% svn co https://svn0.us-west.FreeBSD.org/base/ test-svn

subversion/svn/checkout-cmd.c:168: (apr_err=175002)
subversion/libsvn_client/checkout.c:110: (apr_err=175002)
subversion/libsvn_client/ra.c:475: (apr_err=175002)
subversion/libsvn_client/ra.c:335: (apr_err=175002)
subversion/libsvn_ra/ra_loader.c:496: (apr_err=175002)
svn: E175002: Unable to connect to a repository at URL 'https://svn0.us-west.freebsd.org/base'
subversion/libsvn_ra_neon/util.c:1556: (apr_err=175002)
subversion/libsvn_ra_neon/util.c:1152: (apr_err=175002)
svn: E175002: The OPTIONS request returned invalid XML in the response: XML parse error at line 1: not well-formed (invalid token) (https://svn0.us-west.freebsd.org/base)

While the xml error is fairly consistent and misleading I have also seen ssl handshake failed. The error number 175002 also shows up if the server doesn't respond to that protocol or if you Ctrl-C during a checkout. The invalid xml response may come from svn not catching the error.

I built my 9.1 amd64 world from svn a week ago using the following options in src.conf
WITH_CLANG_EXTRAS=yes
WITH_CLANG_IS_CC=yes
WITH_LIBCPLUSPLUS=yes
WITH_ICONV=yes
WITH_BSD_GREP=yes
WITH_BSD_SORT=yes
WITH_CTF=yes
WITHOUT_GCC=yes

I have set CC=clang (and CXX CPP) in make.conf so this may be a clang related issue as I haven't tested with a gcc build. I have also added WITH_OPENSSL_PORT=yes to make.conf. While I am running a kernel with dtrace enabled I have tested with a generic kernel as well.

I have used the following cflags for a while -
CFLAGS= -O3 -fno-strict-aliasing -pipe 

For DTrace support I have now added -
STRIP=
CFLAGS+= -fno-omit-frame-pointer
WITH_CTF=1

>How-To-Repeat:
Add WITH_OPENSSL_PORT=yes to make.conf
Possibly need to add CC=clang CXX=clang++ CPP=clang-cpp as well
build and install security/openssl and devel/subversion
svn co https://svn0.us-west.FreeBSD.org/base/ test-svn

disabling the ASM option in openssl will allow the svn co to work and enabling it causes it to fail.
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->dinoex 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sun Feb 17 22:47:30 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=176214 
State-Changed-From-To: open->feedback 
State-Changed-By: dinoex 
State-Changed-When: Mon Feb 18 23:09:45 CET 2013 
State-Changed-Why:  


sorry, what VERSION of the openssl port did you use? 
please update to openssl-1.0.1_8 and try again. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=176214 

From: Shane Ambler <FreeBSD@ShaneWare.Biz>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/176214: The ASM option for security/openssl causes svn
 over https to fail
Date: Tue, 19 Feb 2013 12:22:44 +1030

 I had 1.0.1_6 from a week ago.
 
 1.0.1_8 does fix the issue. Sorry I should have thought of checking 
 versions. I hadn't updated ports as I am still in the middle of 
 rebuilding everything for 9.1
State-Changed-From-To: feedback->closed 
State-Changed-By: dinoex 
State-Changed-When: Tue Feb 19 07:36:29 CET 2013 
State-Changed-Why:  
problem was fixed with the update. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=176214 
>Unformatted:
