Ubuntu
gnome-vfs2 package

gnome-vfs cannot read from SSL encrypted DAV folder

Bug #115156 reported by Bryson Borg
4
Affects Status Importance Assigned to Milestone
gnome-vfs2 (Ubuntu)
Invalid
Low
Ubuntu Desktop Bugs

Bug Description

Binary package hint: libgnomevfs2-0

Cannot read from an SSL secured DAV folder running on a Centos 5 server (Apache 2.2.3, httpd-2.2.3-6.el5.centos.1) using a gnome-vfs program (nautilus or gnomevfs-copy) from either Ubuntu 6.06 (amd64) or 7.04 (x86) client systems. A few kB of the file comes over, then the application gives an I/O error. Writes, however, work fine as far as I can tell.

Access to the DAV folder without SSL encryption works fine. Firefox can access the server by https without problem. The dav client cadaver (custom built against openssl) works, as does nautilus on a Centos 5 client.

If I build libgnomevfs2-0 from the Ubuntu sources with the same ./configure arguments EXCEPT for "--disable-openssl --enable-gnutls" (e.g. build against openssl rather than gnutls). everything works as expected.

I've noted that reads and writes work using the stock gnome-vfs with an SSL secured DAV folder running on an old Apache 1.3 server. So I would suspect that the problem is the result of an interaction between gnutls and apache 2.2/mod_ssl.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for your bug. Could you describe an easy way to configure a setup triggering it? The package can't be built with openssl because its license is not compatible with the GPL and gnome-vfs has no exception clause

Changed in gnome-vfs2:
assignee: nobody → desktop-bugs
importance: Undecided → Low
Revision history for this message
Bryson Borg (brysonborg) wrote : Re: [Bug 115156] Re: gnome-vfs cannot read from SSL encrypted DAV folder

Sebastien Bacher wrote:
> Thank you for your bug. Could you describe an easy way to configure a
> setup triggering it? The package can't be built with openssl because its
> license is not compatible with the GPL and gnome-vfs has no exception
> clause
>
> ** Changed in: gnome-vfs2 (Ubuntu)
> Importance: Undecided => Low
> Assignee: (unassigned) => Ubuntu Desktop Bugs
>
>
 Hello. Thanks for your reply.

I figured there had to be some licensing issue or somesuch.

I've installed a fresh copy Centos 5 with apache. The Apache rpm is
listed as "httpd-2.2.3-6.el5.centos.1". I've created a self-signed key
(I'll have to check my notes, if you end up deciding you need that
information). I created /etc/httpd/conf.d/dav.conf with the following
contents:

-----------------------START-----------------------------------------------------------------------

BrowserMatch "Microsoft Data Access Internet Publishing Provider"
redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect_carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

Alias /dav /var/www/dav
DavMinTimeout 600
<Location /dav>
    SetHandler default-handler
    Options None
    Dav On
    SSLRequireSSL
    # <Limit> directive contains any of:
    # GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH,
    # PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK,
    # and/or UNLOCK
    <Limit CONNECT GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>
        AuthType Basic
        AuthName "WebDAV Restricted Directory"
        AuthUserFile /etc/httpd/conf/DAVpasswd
        Require user brysonborg karenborg
    </Limit>
</Location>
<Directory /var/www/dav>
    Order allow,deny
    Allow from all
</Directory>

Alias /test /var/www/test
<Location /test>
    SetHandler default-handler
    Options None
    Dav On
    SSLRequireSSL
    # <Limit> directive contains any of:
    # GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH,
    # PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK,
    # and/or UNLOCK
    <Limit CONNECT GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>
        AuthType Basic
        AuthName "WebDAV Restricted Directory"
        AuthUserFile /etc/httpd/conf/DAVpasswd
        Require user davtest
    </Limit>
</Location>
<Directory /var/www/test>
    Order allow,deny
    Allow from all
</Directory>
----------------------------------END----------------------------------------------------------------------------

You can see I've created a dav folder for your testing, maybe save you
the task of setting up a server and everything. You should be able to
map the test DAV drive at https://slithytoves.ath.cx/test with username
'davtest' and password 'd4vt3st'.

Thanks for your time.

Bryson

Revision history for this message
mikaelstaldal (temp17) wrote :

I have also experienced this bug, with Ubuntu desktop 7.10.

My server is Debian 4.0 with Apache 2.2.3 with mod_dav and mod_dav_fs.

I get this in the Apache server log:
[Tue Nov 06 22:33:06 2007] [info] [client 192.168.125.4] (32)Broken pipe: core_output_filter: writing data to the network
[Tue Nov 06 22:33:06 2007] [info] [client 192.168.125.4] (104)Connection reset by peer: SSL output filter write failed.

Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering is this still an issue for you? Could you try to reproduce the same with Ubuntu 8.10 or 9.04? Thanks in advance.

Changed in gnome-vfs2:
status: New → Incomplete
Revision history for this message
Bryson Borg (brysonborg) wrote :

My SSL cert (self-generated) expired and I had to re-generate it.
Sometime around then, I happened to notice that gnome-vfs started
(partially) working again (I had been using fuse-davfs as a work-
around that was easier than re-compiling gnome-vfs against openssl).
I don't know if this is because something in gnome-vfs spontaneously
started working again or if I had generated bad certificates that
openssl could compensate for but gnutls couldn't...

However, there's a new problem with SSL secured DAV using gnome-vfs.
If I pick the folder from the bookmarks menu, a window opens and I can
perform file operations. A network share icon appears on my desktop,
but if I click it i get the error window "Unable to mount location.
Not a WebDAV enabled share", and a proper mount point is not created
in ~/.gvfs.

# cd .gvfs
# ls -l
ls: cannot access WebDAV on Server: Input/output error
total 0
?????????? ? ? ? ? ? WebDav on Server

I have to unmount the share from the desktop icon, then open up the
folder window again from the bookmarks menu. Odd. However, sorting
this out is somewhat less of a priority for me than it used to be.
Thanks.

On Feb 16, 2009, at 11:28 AM, Pedro Villavicencio wrote:

> Thank you for taking the time to report this bug and helping to make
> Ubuntu better. You reported this bug a while ago and there hasn't been
> any activity in it recently. We were wondering is this still an issue
> for you? Could you try to reproduce the same with Ubuntu 8.10 or 9.04?
> Thanks in advance.
>
> ** Changed in: gnome-vfs2 (Ubuntu)
> Status: New => Incomplete
>
> --
> gnome-vfs cannot read from SSL encrypted DAV folder
> https://bugs.launchpad.net/bugs/115156
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Revision history for this message
Sebastien Bacher (seb128) wrote :

gnome-vfs is not used by recent GNOME version, closing this bug, open a gvfs bug if you still have an issue in jaunty

Changed in gnome-vfs2 (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.