Unable to https push (or push at all by http)

Tim Boudreau tboudreau at sun.com
Sat Jun 20 22:59:46 CDT 2009 



Matt Mackall wrote:
> 
> On Sat, 2009-06-20 at 15:27 -0700, Tim Boudreau wrote:
>> 
>> Matt Mackall wrote:
>> > 
>> > On Sat, 2009-06-20 at 13:45 -0700, Tim Boudreau wrote:
>> >> I followed the instructions here
>> >> http://slucas.wikidot.com/en:hgweb-mod-python to get Mercurial 1.2.1
>> set
>> >> up
>> >> with hgwebdir and being served by apache, on Gentoo 2.6.30.  Web
>> access
>> >> and
>> >> http or https clone works fine.  Pushing, however, is not working at
>> all. 
>> >> I'm hoping it's some simple configuration issue that will be obvious
>> to
>> >> someone here.
>> > 
>> > These problems are almost universally in your Apache config. Recommend
>> > you try limiting access to a plain HTML file and going from there.
>> > 
>> 
>> I don't doubt there are.  But I don't understand your suggestion - apache
>> is
>> serving plain html fine over http and https.
> 
> There are a bunch of orthogonal pieces here:
> 
> - getting cgi scripts working
> 

Done.  Web interface has been working fine the whole time.


Matt Mackall wrote:
> 
> - getting filesystem permissions right
> 

I've tried world-writable just to be sure.


Matt Mackall wrote:
> 
> - getting .htaccess restrictions right
> 

Tried this with extremely liberal permissions and the ones I posted above
(digest auth for POST/PUT).



> - getting hgweb user permissions right
> 

Currently using
allow_push = *


If you try to get all of these things working together simultaneously,
you'll have a very difficult time. But you can in fact break it into
independent parts:


Matt Mackall wrote:
> 
> Step 1: Restrict access to POST for a single HTML file. Test it. Now you
> have known good .htaccess config.
> 

Done.  It works.


Matt Mackall wrote:
> 
> Step 2: Get hgweb push working with no restrictions (accept *). Now you
> have known good filesystem permissions.
> 

Here's where I'm stuck.  Push still fails for me.  As I understand it, the
initial 401 response is what's *supposed* to happen when accessing a
password-protected page.  It seems like hg is giving up there, rather than
sending the credentials (whether or not they are embedded in the push URL).

'hg out' over https works fine.  It's POST that fails.

I did notice a bunch of lines like this in var/log/apache2/error_log:
[Sat Jun 20 23:32:32 2009] [debug] ssl_engine_io.c(1828): OpenSSL: I/O
error, 5 bytes expected to read on BIO#9a53c40 [mem: 9ad7bd0]
[Sat Jun 20 23:32:32 2009] [info] [client 192.168.2.1] (70014)End of file
found: SSL input filter read failed.

which correspond to when I tried to push.  I've googled a bit for this error
but mostly found posts about IE5 issues.  One useful suggestion was to
change the encryption algorithm Apache is using, so I'll try that.  Also
installed ssldump which might provide some meaningful logging.

Thanks for the help, and any ideas appreciated.

-Tim
-- 
View this message in context: http://www.nabble.com/Unable-to-https-push-%28or-push-at-all-by-http%29-tp24129115p24131392.html
Sent from the Mercurial mailing list archive at Nabble.com.

More information about the Mercurial mailing list