Mercurial on Windows vs Linux, spot the problem
by BenV on Feb.17, 2011, under Software
Last week I upgraded our fileserver at work from Debian Lenny to Debian Squeeze.
Obviously a ton of stuff got ‘new’ (read: less ancient) versions, including Apache.
Apart from a reboot or two for new kernels and some config fixes, everything went pretty smoothly.
This week lotjuh ran into the problem that she couldn’t push to the Mercurial repository from Windows.
Strange, because everything worked fine from Linux. Tested from both the Windows 2008 server we have here and another Windows 7 machine at home, they both broke with the same cryptic message:
c:\tmp> hg clone --insecure https://fileserver/repository
abort: error: _ssl.c:1325: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Huh. That’s weird.
Obviously Google doesn’t help with this, you get some garbage results on how Mercurial didn’t do jack with https certificates before version 1.7 and their struggle to implement it.
After some digging I found this in the apache logs:
[Thu Feb 17 12:10:51 2011] [error] [client 192.168.123.321] Re-negotiation request failed
[Thu Feb 17 12:10:51 2011] [error] SSL Library Error: 336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
Feh. Somewhere old SSL libraries are being used! Windows… always the same.
Solution:
In your Apache SSL configuration (mods-enabled/ssl.conf on Debian), add this:
SSLInsecureRenegotiation on
Note that this obviously isn’t a great solution, but it’s the only way to get it to work on Windows at the moment.
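
The error codes quoted above can be unpacked to show why the client message is so unhelpful while the server log names the cause. This is an added example, not code from the original post; it assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason), and the function names are made up for illustration.

```python
import re

# Constructed sample: the three error lines quoted in the post.
SAMPLE = [
    "abort: error: _ssl.c:1325: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure",
    "[Thu Feb 17 12:10:51 2011] [error] [client 192.168.123.321] Re-negotiation request failed",
    "[Thu Feb 17 12:10:51 2011] [error] SSL Library Error: 336068931 "
    "error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled",
]

# Optional decimal prefix (as mod_ssl logs it), then error:<hex>:<lib>:<func>:<text>
ERR_RE = re.compile(
    r"(?:SSL Library Error: (?P<dec>\d+) )?"
    r"error:(?P<hex>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<text>.*)$"
)
ALERT_OFFSET = 1000  # OpenSSL reports a received TLS alert N as reason 1000 + N


def decode(line):
    """Unpack one OpenSSL error string; return None if the line has none."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m["hex"], 16)
    reason = code & 0xFFF
    text = m["text"].strip()
    return {
        "code": code,
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": reason,
        "text": text,
        # mod_ssl prints the same packed value in decimal; check they agree
        "decimal_matches": m["dec"] is None or int(m["dec"]) == code,
        # a reason >= 1000 only says "the peer sent alert N", not why
        "peer_alert": reason - ALERT_OFFSET if reason >= ALERT_OFFSET else None,
        # the server-side line is the one that names the actual cause
        "legacy_renegotiation": "unsafe legacy renegotiation disabled" in text,
    }


def triage(lines):
    """Decode every line that carries an OpenSSL error string."""
    return [rec for rec in map(decode, lines) if rec]


if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```

The client-side code decodes to nothing more than a received alert 40 (handshake failure), so any triage of this failure has to start from the server log.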