Software Development with Linux

Fixing SSL issues using stunnel

FRI, 06 APR 2012

There is always many ways to fix a problem. Actually, there is always many ways to try to fix a problem. I recently ran across an issue with Subversion's SSL handling. For whatever reason, it was always aborting the SSL handshake with the server. I started to worry about being able to use Linux to interact with the Subversion repository.

Fortunately, I was able to access it using Firefox so it was not a networking problem. After many hours of searching on the Internet, most reports of a similar failure were on Debian/Ubuntu and were fixed by using a different version of libneon. But my Fedora 16 installation was already using the latest version, so that was not really helpful. The only other thing I found explaining this issue was when the server was misconfigured. Well, I am not the one managing the server so I can not do anything on that side. Then, I remembered a comment I saw earlier, that said to use HTTP instead of HTTPS, if possible, to actually remove the SSL issue from the loop.

Now, HTTPS was required for me. That said, was it possible to use some other tool to handle the SSL part? So I started to look for HTTP to HTTPS proxy solutions. Most HTTP proxy seems to be able to do that, but configuring those to achieve this is not well explained. I then found the simple stunnel tool. This is simply a generic SSL tunnelling application. So, I simply started it listening on port 8888 and forwarding everything to my Subversion server IP address on port 443 (the standard HTTPS port), and configured my Subversion client to use 127.0.0.1:8888 for the HTTP proxy. That took me 2 minutes and I can now access my Subversion repository without issue!

What can be remembered from this? There is always a solution, as long as you can think of alternative ways to approach an issue.