Fixing ‘SSL handshake failed: SSL error: Key usage violation in certificate has been detected.’ error on SVN checkout
Recently while trying to check out an SVN repo via unsigned security certificate over https, hosted using the Windows-based VisualSVN Server I discovered an annoyance with the newer versions of Ubuntu.
svn: Commit failed (details follow):
svn: OPTIONS of 'https://HOSTNAME/svn/repo': SSL handshake failed: SSL error: Key usage violation in certificate has been detected. (https://HOSTNAME)
The bug only appeared after upgrading to Ubuntu 11.10. After doing some investigation I determined that the bug was the result of switching from using OpenSSL in previous versions of neon, the tool used for HTTP support in Subversion, built for Ubuntu, to the newer GnuTLS SSL libraries due to a more liberal LGPL license.
GnuTLS is considered to be less mature, and has a much stricter policy when it comes to key usage flags being set correctly in certificates.
The fix for this bug is luckily fairly straightforward. A version of libneon exists with OpenSSL support in Ubuntu, by simply removing the GnuTLS version and creating a symbolic link everything will begin to work again.
sudo mv /usr/lib/libneon-gnutls.so.27 /usr/lib/libneon-gnutls.so.27.old
sudo ln -s /usr/lib/libneon.so.27 /usr/lib/libneon-gnutls.so.27