I got a chance to work on old MacBook Pro recently. Get the memory upgraded to 8GB from 4GB, OS X upgraded to Mountain Lion 10.8.2 from Snow Leopard 10.6.8. Everything seems good from the few days trying. But when I tried to connect to SVN this morning, I could not checkout!
SSL handshake failed: SSL error code -1/1/336032856
Using the ‘Connect to repository’ feature from Xcode 4.6 got the same error.
Checking with Ronald who has used Mac as working laptop for a while, he mentioned he also encountered the same issue when he led a team to develop an iOS App. He has submitted a service ticket to IT, but got the answer ‘Mac is not in the support scope.’ And due to schedule pressure, his team decided to use git instead.
From Google, I learnt the reason of getting this error is the Certification from the Subversion Server is not trusted. And this issue could be resolved from the client side. The issue is also listed in Apache Subversion official FAQ page. And the solution seems just upgrade the openssl to 1.0.0d. That’s easy. Go to openssl.org, download the openssl-1.0.0d.tar.gz, unzip and then install it.
Run subversion checkout again. SSL handshake still fail! 🙁
There is a link residing in the Apache Subversion FAQ page. It is a long page so that I didn’t pay much attention on. This time I decide to look at it carefully…
Aha, the error was caused by 2 bugs actually:
- one is from the openssl (fixed in 1.0.0d)
- another is from neon (fixed in 0.29.5)
I don’t know the neon issue was resolved in which exact version of subversion. But I think the latest version should be working. After getting the subversion upgraded to the latest (1.7.8), the error is gone. Yeah, now I can get the repository checked out successfully.
Below are the detailed steps and commands I used (the commands need to be executed from sudo).
Step 1 – Install openssl 1.0.0d or above.
Step 1.1 – Download openssl 1.0.0d or above version. Unzip it and go to the folder.
mkdir openssl && curl -L http://www.openssl.org/source/openssl-1.0.0d.tar.gz | tar xz --strip 1 -C openssl
cd openssl
Step 1.2 – Configure
./config
openssl is installed to /usr/local/bin/openssl by default, if you want to install to other location, you can specify the location like below
./config --openssldir=/your/preferred/location
Step 1.3 – Make and Install.
make
make test
make install
Step 1.4 – Back up the original openssl and make a link for the new installed openssl. If you have specified /usr/bin as the installation location during Step 1.2, you can skip this step.
mv /usr/bin/openssl /usr/bin/openssl_0.9.8r
ln -s /usr/local/bin/openssl /usr/bin/openssl
Step 1.5 – Verify your openssl version
openssl version
Step 2 – Upgrade subversion to the latest version. I use Homebrew (thanks Ronald introduce this apt-get tool to me) this time.
Step 2.1 – Get the latest version information
brew versions subversion
Step 2.2 – below command actually is you copy-paste from the output of previous step.
git checkout f7a42d2 /usr/local/Library/Formula/subversion.rb
Step 2.3 – Install subversion. From the terminal output, you will see actually Homebrew is also installing from the source but it saves your typing time
brew install subversion
Step 2.4 Similar to Step 1.4, Back up the original svn and make a link for the new installed.
mv /usr/bin/svn /usr/bin/svn_1.6.18
ln -s /usr/local/bin/svn /usr/bin/svn
Step 2.5 – Verify your subversion version
svn --version
Do a svn checkout – Now you should not see the error!