[Owncloud] OC 4.5.7 to 5.0 upgrade on debian and WebDAV error [SOLVED?]

Daniel Molkentin danimo at owncloud.com
Sat Mar 23 22:36:44 UTC 2013


Hi Pierre,

I am a bit surprised because what you are describing (called Server Name Indication (SNI) btw) should work perfectly fine with mod_ssl, provided that:
Use OpenSSL 0.9.8f or later
Build OpenSSL with the TLS Extensions option enabled (option enable-tlsext; OpenSSL 0.9.8k and later has this enabled by default).
Apache must have been built with that OpenSSL (./configure --with-ssl=/path/to/your/openssl). In that case, mod_ssl will automatically detect the availability of the TLS extensions and support SNI.
Apache must use that OpenSSL at run-time, which might require setting LD_LIBRARY_PATH or equivalent to point to that OpenSSL, maybe in bin/envvars. (You'll get unresolved symbol errors at Apache startup if Apache was built with SNI but isn't finding the right openssl libraries at run-time.)
(see http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI)

An additional requirement is servers and clients can handle at least TLS 1.1 (SSL 3.0 will not suffice, and SSL 2.0 support should be deactivated anyway), which is the case with all modern web browsers and Apache with mod_ssl which fulfill above criteria.

Is it possible that you are using CentOS 5 or a similarly old distro (even Debian Squeeze supports SNI)? Could it be that TLS support was disabled in the Apache configuration? Anyway, mod_gnutls should not be required to make SNI work with Apache.

About Rigzen Oliver Latshang's error:

>> SSL23_GET_SERVER_HELLO:unknown protocol (error code: 35)

This  usually means that the server is not speaking SSL/TLS on port 443 (usually because it responds with plain HTTP). Did you ask Apache to listen to port 443 without enabling mod_ssl? The most basic check here is to check with openssl s_client -connect mycloud.com:443. Add -servername mycloud.com to specify the vhost in an SNI setup.

Cheers,
  Daniel


Am 23.03.2013 um 20:25 schrieb Pierre Malard:

> Hi,
> 
> I have the solution... but it's not really a good one for us.
> 
> Explanation:
> On our sites we have a lot of virtual hosts (Apache2) and their is a problem to have multiples SSL certificate to them. So, the solution we had choose is to replace mod_ssl by mod_gnutls which can refer to differents certificates on one Apache server.
> 
> OC can't (don't know how?) use GnuTLS system. So, I declare mod_ssl specialy for OC on our server. But, for the others apache virtual hosts, GnuTLS were conserved. This was the mistake!
> 
> So, I create a new Apache server specialy to OC with just our OC servers in differents virtual hosts (4.5.7 for production one and 5.0 to test). As these servers are on the same domain name, I can use a wilcard SSL certifictate (*.MyDomain) and no GnuTLS reference.
> 
> As is, OC5 accept WebDAV and I don't have any error.
> 
> I don't know if it's really a bug but I have open an issue on OC GitHUB service.
> 
> Cheers
> 
> Le 21 mars 2013 à 08:53, Rigzen Oliver Latshang <rigzen.latshang at math.ethz.ch> a écrit :
>> it looks like Sabre DAV the "PHP Webdav Server" is having issues
>> connecting to your domain with ssl:
>> 
>> [CURL] Error while making request: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (error code: 35)
>> 
>> 
>> You may have to check that your webserver can access your domain with
>> "php curl". Maybe your webserver can't resolve your domain locally.
>> 
>> On 21.03.2013 08:37, Thomas Müller wrote:
>>> please open a bug report on github:
>>> http://github.com/owncloud/core
>>> 
>>> Am Donnerstag, dem 21.03.2013 um 1:01 schrieb Pierre Malard:
>>>> I have just update our owncloud server which run on Debian. So, now, we have and OC 5.0 server.
>>>> 
>>>> After the hard way to modify "config/config.php" file and suppress "maintenance" line, everything seems to work but I have an error about my webdav configuration on admin tag:
>>>> 	Setup Warning
>>>> 	Your web server is not yet properly setup to allow files synchronization 
>>>> 	because the WebDAV interface seems to be broken.
>>>> 	Please double check the installation guides.
>>>> 
>>>> I'm follow the link "installationn guide". The only indication about Debian installation/update is:
>>>> 	"Go to the linux package sources page and execute the steps as described 
>>>> 	there for your distribution."
>>>> 
>>>> and the fabulous "steps" are:
>>>> "echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_6.0/ /' >> /etc/apt/sources.list.d/owncloud.list 
>>>> apt-get update
>>>> apt-get install owncloud"
>>>> 
>>>> 
>>>> If I read the general informations about "manual installation", I read:
>>>> "You don’t need any WebDAV support of your webserver (i.e. apache’s mod_webdav) to access your ownCloud data via WebDAV, ownCloud has a WebDAV server built in. In fact, you should make sure that any built-in WebDAV module of your webserver is disabled (at least for the ownCloud directory), as it can interfere with ownCloud’s built-in WebDAV support."
>>>> It was the same thing with OC 4 and I never had this message...
>>>> 
>>>> In my "data/owncloud.log", I have this:
>>>> "{"app":"core","message":"isWebDAVWorking: NO - Reason: exception 'Sabre_DAV_Exception' with message '[CURL] Error while making request: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (error code: 35)' in \/var\/www\/owncloud\/3rdparty\/Sabre\/DAV\/Client.php:410\nStack trace:\n#0 \/var\/www\/owncloud\/3rdparty\/Sabre\/DAV\/Client.php(179): Sabre_DAV_Client->request('PROPFIND', '', '<?xml version=\"...', Array)\n#1 \/var\/www\/owncloud\/lib\/util.php(590): Sabre_DAV_Client->propFind('', Array)\n#2 \/var\/www\/owncloud\/settings\/admin.php(34): OC_Util::isWebDAVWorking()\n#3 \/var\/www\/owncloud\/lib\/route.php(113) : runtime-created function(1): require_once('\/var\/www\/ownclo...')\n#4 [internal function]: __lambda_func(Array)\n#5 \/var\/www\/owncloud\/lib\/router.php(127): call_user_func('?lambda_8', Array)\n#6 \/var\/www\/owncloud\/lib\/base.php(606): OC_Router->match('\/settings\/admin')\n#7 \/var\/www\/owncloud\/index.php(28): OC::handleRequest()\n#8 {main}","level":2,"time":1363823944}"
> 
> ----
> Pierre Malard
> 
>    « Si l'on veut croire en l'humanité,
>     il faut voir et comprendre l'inhumanité »
> 
>   |\      _,,,---,,_
>   /,`.-'`'    -.  ;-;;,_
>  |,4-  ) )-,_. ,\ (  `'-'
> '---''(_/--'  `-'\_)
> 
> perl -e '$_=q#: 3|\ 5-,3-3,2-: 3/,`.'"'"'`'"'"' 5-.  ;-;;,-:  |,A-  ) )-,_. ,\ (  `'"'"'-'"'"': '"'"'-3'"'"'2(-/--'"'"'  `-'"'"'\-): 22PLM::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
> - --> Ce message n’engage que son auteur <-- 
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud

--
www.owncloud.com - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130323/0edd2dd5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 243 bytes
Desc: Signierter Teil der Nachricht
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130323/0edd2dd5/attachment.sig>


More information about the Owncloud mailing list