Subversion and SSL Troubles

I decided to upgrade my home Subversion repository to version 1.4.3 as soon as it was released. Since then, my ViewVC application has ceased to work, getting a Python exception every time I try to execute it. Creating a small Python program that just imports the library (from svn import fs) gave me the following error:

ImportError: /usr/local/lib/libsvn_ra_dav-1.so.0: undefined symbol: SSL_load_error_strings

Thinking it was an SSL library problem, I upgraded SSL – a few times. I kept mucking with the options, rebuilding Subversion, only to get everything installed and get that same error:

ImportError: /usr/local/lib/libsvn_ra_dav-1.so.0: undefined symbol: SSL_load_error_strings

Over and over and over again I repeated the process and got the same result. The absolute definition of insanity. This has been going on for a couple of months and I’ve been trying to address it in my spare time, as I’ve been pretty busy lately during the week and gone to the Relaxation Unit the last few weekends.

I googled my ass off to find the error, but to no avail. Finally today I ran across this thread that explained the problem. After going through my distribution directory for 1.4.4 (which I upgraded at the beginning of the month only to receive the same error) I realized that I hadn’t pulled down the Subversion dependencies tarball and rebuilt neon. So, basically I was using an old version of the neon libraries.

I finally settled on the configure statement listed here, after downloading and untarring the deps file:

./configure --with-ssl --with-apxs=/usr/local/apache2/bin/apxs \
            --with-apr=/usr/local/apache2 --with-apr-util=/usr/local/apache2 \
            --enable-shared --with-libs=/usr/local/ssl

This uses the already installed apr libraries that I built with my Apache server, and ensures that the neon shared libraries are built. A quick configure/make/make install/make swig-py/make install-swig-py sequence later and my Python libraries were working fine.

I made it a point this time to document this on the Labs internal wiki, but thought I should throw this out here in public so that others can find it. Hope it helps save the weeks of frustration that I have been suffering for someone out there.

Happy building …

Creating a self-signed SSL Certificate – A Brain Dead Script

I have an SSL instance running in the house so that I can access my home Subversion installation remotely. The certificate I generated for this site expired a few months ago and I have procrastinated regenerating it because I seemed to remember it was complicated and I didn’t want to spend the time.

Well, it winds up it’s not that bad. I found a great summary of the commands necessary in order to do it, and threw together a very quick script to string them all together in order to create SSL certificates for a general host name and figured I’d throw it up here.

I generalized it thinking that I could have two certificates for the virtual hosts I have running on my home server. Unless I’m looking at old information, however, it doesn’t seem that you can have different SSL certificates for virtual hosts running on the same IP address under Apache 2. If you can, and someone knows how to configure Apache to do so, please let me know.

Here’s the script I used to generate the self-signed SSL certificates for the house. Super simple. Now I just have to remember to source the script ;).

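#!/bin/bash
# Cert4Host.sh - Generate SSL Certificates for a host name.

HOSTNAME="$1"

if [ -z "${HOSTNAME}" ]; then
    echo "Usage : Cert4Host.sh HOSTNAME" >&2
    exit 1
fi

# Passphrase-protected master key, created once and reused for every host.
# 2048 bits: 1024-bit RSA is no longer considered adequate.
if [ ! -e pass.key ]; then
    openssl genrsa -des3 -out pass.key 2048
else
    echo "Key already exists ... skipping ..."
fi

# Write a copy of the key without the passphrase so Apache can start unattended.
openssl rsa -in pass.key -out "$HOSTNAME.key"
# Create the self-signed certificate (prompts for the subject fields).
openssl req -new -key "$HOSTNAME.key" -x509 -out "$HOSTNAME.crt" -days 999

sudo cp "$HOSTNAME.key" /usr/local/apache2/conf/ssl.key
sudo cp "$HOSTNAME.crt" /usr/local/apache2/conf/ssl.crt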

Don’t forget to change your Apache SSL configuration to point to the new certificate and key (<hostname>.crt and <hostname>.key, respectively) and restart Apache.
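
One way to check the output of a script like Cert4Host.sh before restarting Apache, as an added example that is not part of the original post: it confirms the key and certificate belong together, reports the RSA key size, and flags a certificate that is about to expire. The function names, the 30-day window and the 2048-bit minimum are assumptions of this example.

```bash
#!/bin/bash
# Added example: sanity checks for <host>.key / <host>.crt in the current
# directory. Names and thresholds here are assumptions, not the author's.

# 0 if the private key and the certificate carry the same public key,
# 1 if they differ, 2 if either file cannot be read (e.g. encrypted key).
cert_matches_key() {
    local key="$1" crt="$2" from_key from_crt
    from_key=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_crt" ]
}

# Print the size in bits of the public key inside the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# 0 if the certificate has expired or expires within N days (default 30).
# An unreadable certificate is also reported as needing attention.
cert_expires_within() {
    local crt="$1" days="${2:-30}"
    ! openssl x509 -in "$crt" -noout -checkend $(( days * 86400 )) >/dev/null 2>&1
}

# Run all three checks for one host name; non-zero if any of them fails.
check_host() {
    local host="$1" rc=0 bits
    if ! cert_matches_key "$host.key" "$host.crt"; then
        echo "$host: key and certificate do not match" >&2
        rc=1
    fi
    bits=$(cert_key_bits "$host.crt")
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "$host: weak or unknown key size (${bits:-?} bits)" >&2
        rc=1
    fi
    if cert_expires_within "$host.crt" 30; then
        echo "$host: certificate expires within 30 days" >&2
        rc=1
    fi
    return $rc
}
```

Source the file and run check_host with the same host name that was passed to Cert4Host.sh; running it from cron gives an early warning before the certificate lapses.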