From owner-freebsd-current@freebsd.org  Wed Feb  3 16:02:05 2021
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id DCE6B53AC4A
 for <freebsd-current@mailman.nyi.freebsd.org>;
 Wed,  3 Feb 2021 16:02:05 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org
 [IPv6:2610:1c1:1:606c::24b:4])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DW5zK5xSpz4nlK;
 Wed,  3 Feb 2021 16:02:05 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from John-Baldwins-MacBook-Pro.local (unknown
 [IPv6:2601:648:8681:1cb0:d95c:1ec6:b6d4:19d4])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate) (Authenticated sender: jhb)
 by smtp.freebsd.org (Postfix) with ESMTPSA id 437BD35C47;
 Wed,  3 Feb 2021 16:02:05 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Subject: Re: (n244517-f17fc5439f5) svn stuck forever in /usr/ports?
To: "Hartmann, O." <ohartmann@walstatt.org>,
 Rick Macklem <rmacklem@uoguelph.ca>
Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>,
 Guido Falsi <mad@madpilot.net>,
 "junchoon@dec.sakura.ne.jp" <junchoon@dec.sakura.ne.jp>
References: <20210130073923.0b2a80c1@hermann.fritz.box>
 <20210130192520.e7cf7f680c0abd31b0771107@dec.sakura.ne.jp>
 <18e15d74-d95b-76b7-59a4-64a8f338ba73@madpilot.net>
 <a5e18e3b-181c-c094-b98c-7e233cdac972@madpilot.net>
 <20210131103510.30d9a322@hermann.fritz.box>
 <86a368dc-f118-79fb-2ed8-af461041198a@madpilot.net>
 <YQXPR0101MB0968D09A38D0A8E244D8C2C6DDB79@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
 <YQXPR0101MB09685FEFF739DDD3BB1E957EDDB69@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
 <20210203071608.1c2118b6@hermann.fritz.box>
From: John Baldwin <jhb@FreeBSD.org>
Message-ID: <fe30c41c-1e79-d814-1567-e61e3881641b@FreeBSD.org>
Date: Wed, 3 Feb 2021 08:02:03 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0)
 Gecko/20100101 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <20210203071608.1c2118b6@hermann.fritz.box>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2021 16:02:05 -0000

On 2/2/21 10:16 PM, Hartmann, O. wrote:
> On Mon, 1 Feb 2021 03:24:45 +0000
> Rick Macklem <rmacklem@uoguelph.ca> wrote:
> 
>> Rick Macklem wrote:
>>> Guido Falsi wrote:
>>> [good stuff snipped]
>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957, adding
>>>> KTLS support to embedded OpenSSL.
>>>>
>>>> I filed a bug report about this:
>>>>
>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
>>>>
>>>>
>>>> Apart from switching to svn:// scheme, another workaround is to build
>>>> base using WITHOUT_OPENSSL_KTLS.
>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls),
>>> they acted like things were ok (no handshake problems), but the data
>>> ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(),
>>> so it depends on ktls to do the encryption).
>>>
>>> Since these daemons work fine with openssl3 in ports/security/openssl-devel,
>>> I suspect the ktls backport is not quite right. I've sent jhb@ email.
>> I was wrong on the above. I did a full buildworld/installworld and the daemons
>> now seem to work with the openssl in head/main.
>>
>> Btw, did anyone try rebuilding svn from sources after doing
>> the system upgrade?
>> (The openssl library calls and .h files definitely changed.)
> 
> Yes, I did, on all boxes and its a pain in the a..., we had to rebuild EVERY port (at
> least, I did, to avoid further problem). Yesterday, on of our fastes boxes got ready and
> even with a full rebuild of the system AND a full rebuild of the ports (no poudriere,
> traditional way via make), the Apache 2.4 webservice doesn't work, and so does subversion
> not (Firefox reports problems with SSL handshake, subversion is stuck/frozen forever).
> I will run today another full world build today, hopefully finishing on friday (portmaster
> -dfR doesn't get everything in line on some ports, I assume).
> 
> oh

I tracked the subversion hang down to a bug in serf (an Apache library used by
subversion).  It would also affect any other software using serf.  The serf in
ports will also have to be patched.

-- 
John Baldwin