Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
> > > There are crypted with a passphrase, is it the problem ? (It's > recommend in > > installation document for linux) or it's because client can't obtain > > certificat ? > > Yes, cvsnt can't use them. This is mentioned on the installation > document I > think. I use a not crypted cert but change nothing > > There's no point in putting a passphrase on certificates that are > used for a > server, as you would have to store the passphrase in plaintext on > the server > anyway - negating any advantage you get from the passphrase in > the first place. > > > I'm running cvsnt 2.0.34 on FreeBSD 5.2.1. > > That's quite old... It should work though (2.0.41 has slightly > better logging > of the server side errors). Upgraded but change nothing also. It's seems that is a protocol version problem, I used openssl s_client to test, here is trace : #/usr/local/bin/openssl s_client -connect 10.0.0.12:2402 -state -debug CONNECTED(00000005) SSL_connect:before/connect initialization write to 080B5280 [080CB000] (148 bytes => 148 (0x94)) 0000 - 80 92 01 03 01 00 69 00-00 00 20 00 00 39 00 00 ......i... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ 0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../....... 0030 - 00 80 00 00 66 00 00 05-00 00 04 01 00 80 08 00 ....f........... 0040 - 80 00 00 63 00 00 62 00-00 61 00 00 15 00 00 12 ...c..b..a...... 0050 - 00 00 09 06 00 40 00 00-65 00 00 64 00 00 60 00 ..... at ..e..d..`. 0060 - 00 14 00 00 11 00 00 08-00 00 06 04 00 80 00 00 ................ 0070 - 03 02 00 80 1b b2 9e b6-34 63 e4 05 b2 ce 6e 24 ........4c....n$ 0080 - 72 f8 ec 11 ca b5 dd 21-92 fa 54 7f 70 29 a7 e7 r......!..T.p).. 0090 - 05 bd 1d fc .... SSL_connect:SSLv2/v3 write client hello A read from 080B5280 [080D1000] (7 bytes => 7 (0x7)) 0000 - 43 56 53 4c 6f 63 6b CVSLock SSL_connect:error in SSLv2/v3 read server hello A 48516:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475: And if I specify use of ssl2 : #/usr/local/bin/openssl s_client -connect 10.0.0.12:2402 -state -debug CONNECTED(00000005) SSL_connect:before/connect initialization write to 080B5300 [080D4001] (51 bytes => 51 (0x33)) 0000 - 80 31 01 00 02 00 18 00-00 00 10 07 00 c0 05 00 .1.............. 0010 - 80 03 00 80 01 00 80 08-00 80 06 00 40 04 00 80 ............ at ... 0020 - 02 00 80 a3 33 c6 9c 6a-8f cf 77 69 ad 0b 97 45 ....3..j..wi...E 0030 - 94 e9 .. 0033 - <SPACES/NULS> SSL_connect:SSLv2 write client hello A read from 080B5300 [080CB000] (2 bytes => 2 (0x2)) 0000 - 43 56 CV read from 080B5300 [080CB002] (855 bytes => 16 (0x10)) 0000 - 53 4c 6f 63 6b 20 32 2e-30 20 52 65 61 64 79 0a SLock 2.0 Ready. So it's seems to work better but how to specify use of ssl2 in CVSROOT syntax, I try :sserver;ssl2: ... but it's not working Ps I try on port 2401 where is running cvs in xinetd and its excatly the same thing. I'm running Openssl 0.9.7c and I try also with 0.9.7d Thanks for help.