Version Control
 » 
Subversion
 » 
SVNKit
 » 
SVNKit - Users

svnkit, https, ca

View: New views
17 Messages — Rating Filter:   Alert me  

svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello everybody

I am trying to use svnkit (inside eclipse ganimede) with Subversion
over HTTPS. Our company is using internal CA. I cannot make svnkit see
our CA certificate. I tried the following:
- adding our CA to the JRE cacerts file
- using subversion/servers file:
ssl-authority-files = /path/to/CAcert.pem
ssl-trust-default-ca = yes

Still, inside eclipse I am getting the error:
The certificate was not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!

Any way to debug/troubleshoot/workaround the situation?

Thank you,

Sergey Udaltsov

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Alexander Kitaev-3 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello,

Do you have password set on cacerts files?

SVNKit loads trusted certificates in the following way:

1. Loads certs spceified as as X509 certs in ssl-authority-files
property. The following code is used to load certificate:

...
CertificateFactory factory = CertificateFactory.getInstance("X509");
return (X509Certificate)factory.generateCertificate(is);
...

2. In case ssl-trust-default-ca set to "yes", SVNKit additionally loads
certificates from JAVA_HOME/lib/security/caserts file using the
following code:

KeyStore keyStore = KeyStore.getInstance("JKS");
if (keyStore != null) {
    keyStore.load(is /* input stream for caserts file */, null);
}

I think the problem could appear in case your certificate could not be
loaded by certificate factory as X509 certificate or in case you have a
password set on cacerts file (or use caserts file at different location).

I do not think SVNKit SSL-related code is perfect, so if you have any
ideas on how to improve it - you're welcome :)

Alexander Kitaev,
TMate Software,
http://svnkit.com/ - Java [Sub]Versioning Library!

Sergey Udaltsov wrote:

> Hello everybody
>
> I am trying to use svnkit (inside eclipse ganimede) with Subversion
> over HTTPS. Our company is using internal CA. I cannot make svnkit see
> our CA certificate. I tried the following:
> - adding our CA to the JRE cacerts file
> - using subversion/servers file:
> ssl-authority-files = /path/to/CAcert.pem
> ssl-trust-default-ca = yes
>
> Still, inside eclipse I am getting the error:
> The certificate was not issued by a trusted authority. Use the
> fingerprint to validate the certificate manually!
>
> Any way to debug/troubleshoot/workaround the situation?
>
> Thank you,
>
> Sergey Udaltsov
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Semyon Vadishev :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello Sergey,

Could you please also run Eclipse in debug mode and send available logs
back to us? It should help to understand if the problem is IO failure.

Find necessary information on getting connection log here --
https://wiki.svnkit.com/Troubleshooting.

Semen Vadishev,
TMate Software,
http://svnkit.com/ - Java [Sub]Versioning Library!
http://sqljet.com/ - Java SQLite Library!



Sergey Udaltsov wrote:

> Hello everybody
>
> I am trying to use svnkit (inside eclipse ganimede) with Subversion
> over HTTPS. Our company is using internal CA. I cannot make svnkit see
> our CA certificate. I tried the following:
> - adding our CA to the JRE cacerts file
> - using subversion/servers file:
> ssl-authority-files = /path/to/CAcert.pem
> ssl-trust-default-ca = yes
>
> Still, inside eclipse I am getting the error:
> The certificate was not issued by a trusted authority. Use the
> fingerprint to validate the certificate manually!
>
> Any way to debug/troubleshoot/workaround the situation?
>
> Thank you,
>
> Sergey Udaltsov
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>
>
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

I downloaded standalone svnkit, to make debugging simpler. Here is the
log of "jsvn checkout ...":

http://pastebin.com/m35be4ab9

I also put some more debugging and found out that
org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
is not being called by java internal classes, for some reason. As a
result, CA certificates are not being read at all.

It is reproducible on both Linux53 and Win2003. Now I am kind of
stuck, cannot understand why that happens... Could please anybody
check if that method is being called (just put System.err.println
inside)?

Thanks,

Sergey

On Fri, Aug 21, 2009 at 2:52 PM, Semen
Vadishev<semen.vadishev@...> wrote:

> Hello Sergey,
>
> Could you please also run Eclipse in debug mode and send available logs
> back to us? It should help to understand if the problem is IO failure.
>
> Find necessary information on getting connection log here --
> https://wiki.svnkit.com/Troubleshooting.
>
> Semen Vadishev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
> http://sqljet.com/ - Java SQLite Library!
>
>
>
> Sergey Udaltsov wrote:
>> Hello everybody
>>
>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>> our CA certificate. I tried the following:
>> - adding our CA to the JRE cacerts file
>> - using subversion/servers file:
>> ssl-authority-files = /path/to/CAcert.pem
>> ssl-trust-default-ca = yes
>>
>> Still, inside eclipse I am getting the error:
>> The certificate was not issued by a trusted authority. Use the
>> fingerprint to validate the certificate manually!
>>
>> Any way to debug/troubleshoot/workaround the situation?
>>
>> Thank you,
>>
>> Sergey Udaltsov
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Dale Anson :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

You also might try running jsvn from the command line.  That seems to
work better for accepting the certificate.  Once you've done so, Eclipse
should like it too.

Dale


Semen Vadishev wrote:

> Hello Sergey,
>
> Could you please also run Eclipse in debug mode and send available logs
> back to us? It should help to understand if the problem is IO failure.
>
> Find necessary information on getting connection log here --
> https://wiki.svnkit.com/Troubleshooting.
>
> Semen Vadishev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
> http://sqljet.com/ - Java SQLite Library!
>
>
>
> Sergey Udaltsov wrote:
>  
>> Hello everybody
>>
>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>> our CA certificate. I tried the following:
>> - adding our CA to the JRE cacerts file
>> - using subversion/servers file:
>> ssl-authority-files = /path/to/CAcert.pem
>> ssl-trust-default-ca = yes
>>
>> Still, inside eclipse I am getting the error:
>> The certificate was not issued by a trusted authority. Use the
>> fingerprint to validate the certificate manually!
>>
>> Any way to debug/troubleshoot/workaround the situation?
>>
>> Thank you,
>>
>> Sergey Udaltsov
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>>
>>  
>>    
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

See my previous mail. That's exactly what I did;)

Sergey

On Fri, Aug 21, 2009 at 3:16 PM, Dale Anson<danson@...> wrote:

> You also might try running jsvn from the command line.  That seems to work
> better for accepting the certificate.  Once you've done so, Eclipse should
> like it too.
>
> Dale
>
>
> Semen Vadishev wrote:
>>
>> Hello Sergey,
>>
>> Could you please also run Eclipse in debug mode and send available logs
>> back to us? It should help to understand if the problem is IO failure.
>>
>> Find necessary information on getting connection log here --
>> https://wiki.svnkit.com/Troubleshooting.
>>
>> Semen Vadishev,
>> TMate Software,
>> http://svnkit.com/ - Java [Sub]Versioning Library!
>> http://sqljet.com/ - Java SQLite Library!
>>
>>
>>
>> Sergey Udaltsov wrote:
>>
>>>
>>> Hello everybody
>>>
>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>> our CA certificate. I tried the following:
>>> - adding our CA to the JRE cacerts file
>>> - using subversion/servers file:
>>> ssl-authority-files = /path/to/CAcert.pem
>>> ssl-trust-default-ca = yes
>>>
>>> Still, inside eclipse I am getting the error:
>>> The certificate was not issued by a trusted authority. Use the
>>> fingerprint to validate the certificate manually!
>>>
>>> Any way to debug/troubleshoot/workaround the situation?
>>>
>>> Thank you,
>>>
>>> Sergey Udaltsov
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Semyon Vadishev :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello Sergey,

I've managed to reproduce the issue on my OS X box. You are right, the
reason is that SVNKit doesn't pass available certificates via
TrustManager implementation since getAcceptedIssuers is not called by
SSL socket layer (there was actually one more bug with properties
processing, but the issue is still reproducible after the fix). I'm
still looking for solution for the problem but with no success so far.

Semen Vadishev,
TMate Software,
http://svnkit.com/ - Java [Sub]Versioning Library!
http://sqljet.com/ - Java SQLite Library!



Sergey Udaltsov wrote:

> I downloaded standalone svnkit, to make debugging simpler. Here is the
> log of "jsvn checkout ...":
>
> http://pastebin.com/m35be4ab9
>
> I also put some more debugging and found out that
> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
> is not being called by java internal classes, for some reason. As a
> result, CA certificates are not being read at all.
>
> It is reproducible on both Linux53 and Win2003. Now I am kind of
> stuck, cannot understand why that happens... Could please anybody
> check if that method is being called (just put System.err.println
> inside)?
>
> Thanks,
>
> Sergey
>
> On Fri, Aug 21, 2009 at 2:52 PM, Semen
> Vadishev<semen.vadishev@...> wrote:
>  
>> Hello Sergey,
>>
>> Could you please also run Eclipse in debug mode and send available logs
>> back to us? It should help to understand if the problem is IO failure.
>>
>> Find necessary information on getting connection log here --
>> https://wiki.svnkit.com/Troubleshooting.
>>
>> Semen Vadishev,
>> TMate Software,
>> http://svnkit.com/ - Java [Sub]Versioning Library!
>> http://sqljet.com/ - Java SQLite Library!
>>
>>
>>
>> Sergey Udaltsov wrote:
>>    
>>> Hello everybody
>>>
>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>> our CA certificate. I tried the following:
>>> - adding our CA to the JRE cacerts file
>>> - using subversion/servers file:
>>> ssl-authority-files = /path/to/CAcert.pem
>>> ssl-trust-default-ca = yes
>>>
>>> Still, inside eclipse I am getting the error:
>>> The certificate was not issued by a trusted authority. Use the
>>> fingerprint to validate the certificate manually!
>>>
>>> Any way to debug/troubleshoot/workaround the situation?
>>>
>>> Thank you,
>>>
>>> Sergey Udaltsov
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>
>>>
>>>      
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>>    
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>
>
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Can it be a bug in JRE? Should we file that bug on sun.com?

Sergey

On Wed, Aug 26, 2009 at 11:24 AM, Semen
Vadishev<semen.vadishev@...> wrote:

> Hello Sergey,
>
> I've managed to reproduce the issue on my OS X box. You are right, the
> reason is that SVNKit doesn't pass available certificates via
> TrustManager implementation since getAcceptedIssuers is not called by
> SSL socket layer (there was actually one more bug with properties
> processing, but the issue is still reproducible after the fix). I'm
> still looking for solution for the problem but with no success so far.
>
> Semen Vadishev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
> http://sqljet.com/ - Java SQLite Library!
>
>
>
> Sergey Udaltsov wrote:
>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>> log of "jsvn checkout ...":
>>
>> http://pastebin.com/m35be4ab9
>>
>> I also put some more debugging and found out that
>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>> is not being called by java internal classes, for some reason. As a
>> result, CA certificates are not being read at all.
>>
>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>> stuck, cannot understand why that happens... Could please anybody
>> check if that method is being called (just put System.err.println
>> inside)?
>>
>> Thanks,
>>
>> Sergey
>>
>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>> Vadishev<semen.vadishev@...> wrote:
>>
>>> Hello Sergey,
>>>
>>> Could you please also run Eclipse in debug mode and send available logs
>>> back to us? It should help to understand if the problem is IO failure.
>>>
>>> Find necessary information on getting connection log here --
>>> https://wiki.svnkit.com/Troubleshooting.
>>>
>>> Semen Vadishev,
>>> TMate Software,
>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>> http://sqljet.com/ - Java SQLite Library!
>>>
>>>
>>>
>>> Sergey Udaltsov wrote:
>>>
>>>> Hello everybody
>>>>
>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>> our CA certificate. I tried the following:
>>>> - adding our CA to the JRE cacerts file
>>>> - using subversion/servers file:
>>>> ssl-authority-files = /path/to/CAcert.pem
>>>> ssl-trust-default-ca = yes
>>>>
>>>> Still, inside eclipse I am getting the error:
>>>> The certificate was not issued by a trusted authority. Use the
>>>> fingerprint to validate the certificate manually!
>>>>
>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>
>>>> Thank you,
>>>>
>>>> Sergey Udaltsov
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>
>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Semyon Vadishev :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello Sergey,

I've made some changes related to server certificate processing, could
you please check them?

These changes are available at 1.3.x-ca branch of SVNKit. Unfortunately
I'm not able to create additional configuration on our build server, so
could you please checkout/switch to
https://svn.svnkit.com/repos/svnkit/branches/1.3.x-ca and build it
locally? Please follow instructions from here --
https://wiki.svnkit.com/Building_SVNKit. Don't forget to pass correct
ECLIPSE_HOME property.

If you experience any sort of problems building SVNKit, I can send you
my own build.

These changes are supposed to be just a workaround but not complete
solution. To make SVNKit work correctly you should turn
"ssl-trust-default-ca" on and add CA certificate to
$JAVA_HOME/lib/security/cacerts keystore (well, you already did that).
Please check that Eclipse runs under the same JAVA_HOME location.

I don't think that the problem is JDK bug, but we definitely have to
contact Sun's support to clarify that behavior.

Semen Vadishev,
TMate Software,
http://svnkit.com/ - Java [Sub]Versioning Library!
http://sqljet.com/ - Java SQLite Library!



Sergey Udaltsov wrote:

> Can it be a bug in JRE? Should we file that bug on sun.com?
>
> Sergey
>
> On Wed, Aug 26, 2009 at 11:24 AM, Semen
> Vadishev<semen.vadishev@...> wrote:
>  
>> Hello Sergey,
>>
>> I've managed to reproduce the issue on my OS X box. You are right, the
>> reason is that SVNKit doesn't pass available certificates via
>> TrustManager implementation since getAcceptedIssuers is not called by
>> SSL socket layer (there was actually one more bug with properties
>> processing, but the issue is still reproducible after the fix). I'm
>> still looking for solution for the problem but with no success so far.
>>
>> Semen Vadishev,
>> TMate Software,
>> http://svnkit.com/ - Java [Sub]Versioning Library!
>> http://sqljet.com/ - Java SQLite Library!
>>
>>
>>
>> Sergey Udaltsov wrote:
>>    
>>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>>> log of "jsvn checkout ...":
>>>
>>> http://pastebin.com/m35be4ab9
>>>
>>> I also put some more debugging and found out that
>>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>>> is not being called by java internal classes, for some reason. As a
>>> result, CA certificates are not being read at all.
>>>
>>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>>> stuck, cannot understand why that happens... Could please anybody
>>> check if that method is being called (just put System.err.println
>>> inside)?
>>>
>>> Thanks,
>>>
>>> Sergey
>>>
>>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>>> Vadishev<semen.vadishev@...> wrote:
>>>
>>>      
>>>> Hello Sergey,
>>>>
>>>> Could you please also run Eclipse in debug mode and send available logs
>>>> back to us? It should help to understand if the problem is IO failure.
>>>>
>>>> Find necessary information on getting connection log here --
>>>> https://wiki.svnkit.com/Troubleshooting.
>>>>
>>>> Semen Vadishev,
>>>> TMate Software,
>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>> http://sqljet.com/ - Java SQLite Library!
>>>>
>>>>
>>>>
>>>> Sergey Udaltsov wrote:
>>>>
>>>>        
>>>>> Hello everybody
>>>>>
>>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>>> our CA certificate. I tried the following:
>>>>> - adding our CA to the JRE cacerts file
>>>>> - using subversion/servers file:
>>>>> ssl-authority-files = /path/to/CAcert.pem
>>>>> ssl-trust-default-ca = yes
>>>>>
>>>>> Still, inside eclipse I am getting the error:
>>>>> The certificate was not issued by a trusted authority. Use the
>>>>> fingerprint to validate the certificate manually!
>>>>>
>>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Sergey Udaltsov
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>          
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>
>>>>
>>>>
>>>>        
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>
>>>
>>>      
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>>    
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>
>
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello Semen

You know what - that seems to be working! Pray tell me, what did you
do? Anyway, great job! Thanks.
Would you release an update to be installable using standard Eclipse
way (as plugin)? I would need that code to work for my colleagues, and
I feel uncomfortable just providing them with some obscure jar, you
know;)

Cheers,

Sergey

On Thu, Aug 27, 2009 at 12:27 AM, Semen
Vadishev<semen.vadishev@...> wrote:

> Hello Sergey,
>
> I've made some changes related to server certificate processing, could
> you please check them?
>
> These changes are available at 1.3.x-ca branch of SVNKit. Unfortunately
> I'm not able to create additional configuration on our build server, so
> could you please checkout/switch to
> https://svn.svnkit.com/repos/svnkit/branches/1.3.x-ca and build it
> locally? Please follow instructions from here --
> https://wiki.svnkit.com/Building_SVNKit. Don't forget to pass correct
> ECLIPSE_HOME property.
>
> If you experience any sort of problems building SVNKit, I can send you
> my own build.
>
> These changes are supposed to be just a workaround but not complete
> solution. To make SVNKit work correctly you should turn
> "ssl-trust-default-ca" on and add CA certificate to
> $JAVA_HOME/lib/security/cacerts keystore (well, you already did that).
> Please check that Eclipse runs under the same JAVA_HOME location.
>
> I don't think that the problem is JDK bug, but we definitely have to
> contact Sun's support to clarify that behavior.
>
> Semen Vadishev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
> http://sqljet.com/ - Java SQLite Library!
>
>
>
> Sergey Udaltsov wrote:
>> Can it be a bug in JRE? Should we file that bug on sun.com?
>>
>> Sergey
>>
>> On Wed, Aug 26, 2009 at 11:24 AM, Semen
>> Vadishev<semen.vadishev@...> wrote:
>>
>>> Hello Sergey,
>>>
>>> I've managed to reproduce the issue on my OS X box. You are right, the
>>> reason is that SVNKit doesn't pass available certificates via
>>> TrustManager implementation since getAcceptedIssuers is not called by
>>> SSL socket layer (there was actually one more bug with properties
>>> processing, but the issue is still reproducible after the fix). I'm
>>> still looking for solution for the problem but with no success so far.
>>>
>>> Semen Vadishev,
>>> TMate Software,
>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>> http://sqljet.com/ - Java SQLite Library!
>>>
>>>
>>>
>>> Sergey Udaltsov wrote:
>>>
>>>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>>>> log of "jsvn checkout ...":
>>>>
>>>> http://pastebin.com/m35be4ab9
>>>>
>>>> I also put some more debugging and found out that
>>>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>>>> is not being called by java internal classes, for some reason. As a
>>>> result, CA certificates are not being read at all.
>>>>
>>>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>>>> stuck, cannot understand why that happens... Could please anybody
>>>> check if that method is being called (just put System.err.println
>>>> inside)?
>>>>
>>>> Thanks,
>>>>
>>>> Sergey
>>>>
>>>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>>>> Vadishev<semen.vadishev@...> wrote:
>>>>
>>>>
>>>>> Hello Sergey,
>>>>>
>>>>> Could you please also run Eclipse in debug mode and send available logs
>>>>> back to us? It should help to understand if the problem is IO failure.
>>>>>
>>>>> Find necessary information on getting connection log here --
>>>>> https://wiki.svnkit.com/Troubleshooting.
>>>>>
>>>>> Semen Vadishev,
>>>>> TMate Software,
>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>
>>>>>
>>>>>
>>>>> Sergey Udaltsov wrote:
>>>>>
>>>>>
>>>>>> Hello everybody
>>>>>>
>>>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>>>> our CA certificate. I tried the following:
>>>>>> - adding our CA to the JRE cacerts file
>>>>>> - using subversion/servers file:
>>>>>> ssl-authority-files = /path/to/CAcert.pem
>>>>>> ssl-trust-default-ca = yes
>>>>>>
>>>>>> Still, inside eclipse I am getting the error:
>>>>>> The certificate was not issued by a trusted authority. Use the
>>>>>> fingerprint to validate the certificate manually!
>>>>>>
>>>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Sergey Udaltsov
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>
>>>>>
>>>>>
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>
>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Just a side note. It works now as a standalone app jsvn. I could not
make that code run in Eclipse - for some reason, Subversive SVN Team
Provider does not pick that new version - even though it is listed as
installed.

Sergey

On Thu, Aug 27, 2009 at 12:44 AM, Sergey
Udaltsov<sergey.udaltsov@...> wrote:

> Hello Semen
>
> You know what - that seems to be working! Pray tell me, what did you
> do? Anyway, great job! Thanks.
> Would you release an update to be installable using standard Eclipse
> way (as plugin)? I would need that code to work for my colleagues, and
> I feel uncomfortable just providing them with some obscure jar, you
> know;)
>
> Cheers,
>
> Sergey
>
> On Thu, Aug 27, 2009 at 12:27 AM, Semen
> Vadishev<semen.vadishev@...> wrote:
>> Hello Sergey,
>>
>> I've made some changes related to server certificate processing, could
>> you please check them?
>>
>> These changes are available at 1.3.x-ca branch of SVNKit. Unfortunately
>> I'm not able to create additional configuration on our build server, so
>> could you please checkout/switch to
>> https://svn.svnkit.com/repos/svnkit/branches/1.3.x-ca and build it
>> locally? Please follow instructions from here --
>> https://wiki.svnkit.com/Building_SVNKit. Don't forget to pass correct
>> ECLIPSE_HOME property.
>>
>> If you experience any sort of problems building SVNKit, I can send you
>> my own build.
>>
>> These changes are supposed to be just a workaround but not complete
>> solution. To make SVNKit work correctly you should turn
>> "ssl-trust-default-ca" on and add CA certificate to
>> $JAVA_HOME/lib/security/cacerts keystore (well, you already did that).
>> Please check that Eclipse runs under the same JAVA_HOME location.
>>
>> I don't think that the problem is JDK bug, but we definitely have to
>> contact Sun's support to clarify that behavior.
>>
>> Semen Vadishev,
>> TMate Software,
>> http://svnkit.com/ - Java [Sub]Versioning Library!
>> http://sqljet.com/ - Java SQLite Library!
>>
>>
>>
>> Sergey Udaltsov wrote:
>>> Can it be a bug in JRE? Should we file that bug on sun.com?
>>>
>>> Sergey
>>>
>>> On Wed, Aug 26, 2009 at 11:24 AM, Semen
>>> Vadishev<semen.vadishev@...> wrote:
>>>
>>>> Hello Sergey,
>>>>
>>>> I've managed to reproduce the issue on my OS X box. You are right, the
>>>> reason is that SVNKit doesn't pass available certificates via
>>>> TrustManager implementation since getAcceptedIssuers is not called by
>>>> SSL socket layer (there was actually one more bug with properties
>>>> processing, but the issue is still reproducible after the fix). I'm
>>>> still looking for solution for the problem but with no success so far.
>>>>
>>>> Semen Vadishev,
>>>> TMate Software,
>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>> http://sqljet.com/ - Java SQLite Library!
>>>>
>>>>
>>>>
>>>> Sergey Udaltsov wrote:
>>>>
>>>>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>>>>> log of "jsvn checkout ...":
>>>>>
>>>>> http://pastebin.com/m35be4ab9
>>>>>
>>>>> I also put some more debugging and found out that
>>>>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>>>>> is not being called by java internal classes, for some reason. As a
>>>>> result, CA certificates are not being read at all.
>>>>>
>>>>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>>>>> stuck, cannot understand why that happens... Could please anybody
>>>>> check if that method is being called (just put System.err.println
>>>>> inside)?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Sergey
>>>>>
>>>>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>
>>>>>
>>>>>> Hello Sergey,
>>>>>>
>>>>>> Could you please also run Eclipse in debug mode and send available logs
>>>>>> back to us? It should help to understand if the problem is IO failure.
>>>>>>
>>>>>> Find necessary information on getting connection log here --
>>>>>> https://wiki.svnkit.com/Troubleshooting.
>>>>>>
>>>>>> Semen Vadishev,
>>>>>> TMate Software,
>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>
>>>>>>
>>>>>>
>>>>>> Sergey Udaltsov wrote:
>>>>>>
>>>>>>
>>>>>>> Hello everybody
>>>>>>>
>>>>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>>>>> our CA certificate. I tried the following:
>>>>>>> - adding our CA to the JRE cacerts file
>>>>>>> - using subversion/servers file:
>>>>>>> ssl-authority-files = /path/to/CAcert.pem
>>>>>>> ssl-trust-default-ca = yes
>>>>>>>
>>>>>>> Still, inside eclipse I am getting the error:
>>>>>>> The certificate was not issued by a trusted authority. Use the
>>>>>>> fingerprint to validate the certificate manually!
>>>>>>>
>>>>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>>>>
>>>>>>> Thank you,
>>>>>>>
>>>>>>> Sergey Udaltsov
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Semyon Vadishev :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hi,

> that seems to be working!
Great!

> Pray tell me, what did you do?
Now our TrustManager implementation relies on default JSSE
implementation and checks server's certificate only in case when the
default implementation fails to check it. It doesn't solve the problem
when trusted CA certificate provided by "ssl-authority-files" property
value. But I'm sure I can fix that at
DefaultSVNSSLTrustManager#checkServerTrusted method level using the
appoach of JSSE implementation.

> Would you release an update to be installable using standard Eclipse
> way (as plugin)?
The fix is already merged into 1.3.x branch, so please download SVNKit
distribution of Eclipse plugin from our build server at
https://teamcity.svnkit.com/repository/download/bt22/6557:id/deploy/org.tmatesoft.svn_1.3.0.6042.eclipse.zip
Log in as guest if prompted.

Thanks a lot for your report and help debugging the issue!

Semen Vadishev,
TMate Software,
http://svnkit.com/ - Java [Sub]Versioning Library!
http://sqljet.com/ - Java SQLite Library!



Sergey Udaltsov wrote:

> Just a side note. It works now as a standalone app jsvn. I could not
> make that code run in Eclipse - for some reason, Subversive SVN Team
> Provider does not pick that new version - even though it is listed as
> installed.
>
> Sergey
>
> On Thu, Aug 27, 2009 at 12:44 AM, Sergey
> Udaltsov<sergey.udaltsov@...> wrote:
>  
>> Hello Semen
>>
>> You know what - that seems to be working! Pray tell me, what did you
>> do? Anyway, great job! Thanks.
>> Would you release an update to be installable using standard Eclipse
>> way (as plugin)? I would need that code to work for my colleagues, and
>> I feel uncomfortable just providing them with some obscure jar, you
>> know;)
>>
>> Cheers,
>>
>> Sergey
>>
>> On Thu, Aug 27, 2009 at 12:27 AM, Semen
>> Vadishev<semen.vadishev@...> wrote:
>>    
>>> Hello Sergey,
>>>
>>> I've made some changes related to server certificate processing, could
>>> you please check them?
>>>
>>> These changes are available at 1.3.x-ca branch of SVNKit. Unfortunately
>>> I'm not able to create additional configuration on our build server, so
>>> could you please checkout/switch to
>>> https://svn.svnkit.com/repos/svnkit/branches/1.3.x-ca and build it
>>> locally? Please follow instructions from here --
>>> https://wiki.svnkit.com/Building_SVNKit. Don't forget to pass correct
>>> ECLIPSE_HOME property.
>>>
>>> If you experience any sort of problems building SVNKit, I can send you
>>> my own build.
>>>
>>> These changes are supposed to be just a workaround but not complete
>>> solution. To make SVNKit work correctly you should turn
>>> "ssl-trust-default-ca" on and add CA certificate to
>>> $JAVA_HOME/lib/security/cacerts keystore (well, you already did that).
>>> Please check that Eclipse runs under the same JAVA_HOME location.
>>>
>>> I don't think that the problem is JDK bug, but we definitely have to
>>> contact Sun's support to clarify that behavior.
>>>
>>> Semen Vadishev,
>>> TMate Software,
>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>> http://sqljet.com/ - Java SQLite Library!
>>>
>>>
>>>
>>> Sergey Udaltsov wrote:
>>>      
>>>> Can it be a bug in JRE? Should we file that bug on sun.com?
>>>>
>>>> Sergey
>>>>
>>>> On Wed, Aug 26, 2009 at 11:24 AM, Semen
>>>> Vadishev<semen.vadishev@...> wrote:
>>>>
>>>>        
>>>>> Hello Sergey,
>>>>>
>>>>> I've managed to reproduce the issue on my OS X box. You are right, the
>>>>> reason is that SVNKit doesn't pass available certificates via
>>>>> TrustManager implementation since getAcceptedIssuers is not called by
>>>>> SSL socket layer (there was actually one more bug with properties
>>>>> processing, but the issue is still reproducible after the fix). I'm
>>>>> still looking for solution for the problem but with no success so far.
>>>>>
>>>>> Semen Vadishev,
>>>>> TMate Software,
>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>
>>>>>
>>>>>
>>>>> Sergey Udaltsov wrote:
>>>>>
>>>>>          
>>>>>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>>>>>> log of "jsvn checkout ...":
>>>>>>
>>>>>> http://pastebin.com/m35be4ab9
>>>>>>
>>>>>> I also put some more debugging and found out that
>>>>>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>>>>>> is not being called by java internal classes, for some reason. As a
>>>>>> result, CA certificates are not being read at all.
>>>>>>
>>>>>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>>>>>> stuck, cannot understand why that happens... Could please anybody
>>>>>> check if that method is being called (just put System.err.println
>>>>>> inside)?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Sergey
>>>>>>
>>>>>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>>
>>>>>>
>>>>>>            
>>>>>>> Hello Sergey,
>>>>>>>
>>>>>>> Could you please also run Eclipse in debug mode and send available logs
>>>>>>> back to us? It should help to understand if the problem is IO failure.
>>>>>>>
>>>>>>> Find necessary information on getting connection log here --
>>>>>>> https://wiki.svnkit.com/Troubleshooting.
>>>>>>>
>>>>>>> Semen Vadishev,
>>>>>>> TMate Software,
>>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Sergey Udaltsov wrote:
>>>>>>>
>>>>>>>
>>>>>>>              
>>>>>>>> Hello everybody
>>>>>>>>
>>>>>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>>>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>>>>>> our CA certificate. I tried the following:
>>>>>>>> - adding our CA to the JRE cacerts file
>>>>>>>> - using subversion/servers file:
>>>>>>>> ssl-authority-files = /path/to/CAcert.pem
>>>>>>>> ssl-trust-default-ca = yes
>>>>>>>>
>>>>>>>> Still, inside eclipse I am getting the error:
>>>>>>>> The certificate was not issued by a trusted authority. Use the
>>>>>>>> fingerprint to validate the certificate manually!
>>>>>>>>
>>>>>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>>
>>>>>>>> Sergey Udaltsov
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>              
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>
>>>>>
>>>>>
>>>>>          
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>
>>>>
>>>>
>>>>
>>>>        
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>      
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>
>
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

> The fix is already merged into 1.3.x branch, so please download SVNKit
> distribution of Eclipse plugin from our build server at
> https://teamcity.svnkit.com/repository/download/bt22/6557:id/deploy/org.tmatesoft.svn_1.3.0.6042.eclipse.zip
> Log in as guest if prompted.
I just did. The installation went smoothly - but still Subversive SVN
Team provide does not recognize that package. In the list of installed
software, I see the old "SVNKit 1.3.0 Implementation (Optional)" used
by Subversive, and there is also newly instaled "SVNKit Library" not
used by anything :(
May be, some build options are missing?

I can provide small screenshot, if it is allowed by the maillist policy.

Sergey

>
> Thanks a lot for your report and help debugging the issue!
>
> Semen Vadishev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
> http://sqljet.com/ - Java SQLite Library!
>
>
>
> Sergey Udaltsov wrote:
>> Just a side note. It works now as a standalone app jsvn. I could not
>> make that code run in Eclipse - for some reason, Subversive SVN Team
>> Provider does not pick that new version - even though it is listed as
>> installed.
>>
>> Sergey
>>
>> On Thu, Aug 27, 2009 at 12:44 AM, Sergey
>> Udaltsov<sergey.udaltsov@...> wrote:
>>
>>> Hello Semen
>>>
>>> You know what - that seems to be working! Pray tell me, what did you
>>> do? Anyway, great job! Thanks.
>>> Would you release an update to be installable using standard Eclipse
>>> way (as plugin)? I would need that code to work for my colleagues, and
>>> I feel uncomfortable just providing them with some obscure jar, you
>>> know;)
>>>
>>> Cheers,
>>>
>>> Sergey
>>>
>>> On Thu, Aug 27, 2009 at 12:27 AM, Semen
>>> Vadishev<semen.vadishev@...> wrote:
>>>
>>>> Hello Sergey,
>>>>
>>>> I've made some changes related to server certificate processing, could
>>>> you please check them?
>>>>
>>>> These changes are available at 1.3.x-ca branch of SVNKit. Unfortunately
>>>> I'm not able to create additional configuration on our build server, so
>>>> could you please checkout/switch to
>>>> https://svn.svnkit.com/repos/svnkit/branches/1.3.x-ca and build it
>>>> locally? Please follow instructions from here --
>>>> https://wiki.svnkit.com/Building_SVNKit. Don't forget to pass correct
>>>> ECLIPSE_HOME property.
>>>>
>>>> If you experience any sort of problems building SVNKit, I can send you
>>>> my own build.
>>>>
>>>> These changes are supposed to be just a workaround but not complete
>>>> solution. To make SVNKit work correctly you should turn
>>>> "ssl-trust-default-ca" on and add CA certificate to
>>>> $JAVA_HOME/lib/security/cacerts keystore (well, you already did that).
>>>> Please check that Eclipse runs under the same JAVA_HOME location.
>>>>
>>>> I don't think that the problem is JDK bug, but we definitely have to
>>>> contact Sun's support to clarify that behavior.
>>>>
>>>> Semen Vadishev,
>>>> TMate Software,
>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>> http://sqljet.com/ - Java SQLite Library!
>>>>
>>>>
>>>>
>>>> Sergey Udaltsov wrote:
>>>>
>>>>> Can it be a bug in JRE? Should we file that bug on sun.com?
>>>>>
>>>>> Sergey
>>>>>
>>>>> On Wed, Aug 26, 2009 at 11:24 AM, Semen
>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>
>>>>>
>>>>>> Hello Sergey,
>>>>>>
>>>>>> I've managed to reproduce the issue on my OS X box. You are right, the
>>>>>> reason is that SVNKit doesn't pass available certificates via
>>>>>> TrustManager implementation since getAcceptedIssuers is not called by
>>>>>> SSL socket layer (there was actually one more bug with properties
>>>>>> processing, but the issue is still reproducible after the fix). I'm
>>>>>> still looking for solution for the problem but with no success so far.
>>>>>>
>>>>>> Semen Vadishev,
>>>>>> TMate Software,
>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>
>>>>>>
>>>>>>
>>>>>> Sergey Udaltsov wrote:
>>>>>>
>>>>>>
>>>>>>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>>>>>>> log of "jsvn checkout ...":
>>>>>>>
>>>>>>> http://pastebin.com/m35be4ab9
>>>>>>>
>>>>>>> I also put some more debugging and found out that
>>>>>>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>>>>>>> is not being called by java internal classes, for some reason. As a
>>>>>>> result, CA certificates are not being read at all.
>>>>>>>
>>>>>>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>>>>>>> stuck, cannot understand why that happens... Could please anybody
>>>>>>> check if that method is being called (just put System.err.println
>>>>>>> inside)?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Sergey
>>>>>>>
>>>>>>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>>>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Hello Sergey,
>>>>>>>>
>>>>>>>> Could you please also run Eclipse in debug mode and send available logs
>>>>>>>> back to us? It should help to understand if the problem is IO failure.
>>>>>>>>
>>>>>>>> Find necessary information on getting connection log here --
>>>>>>>> https://wiki.svnkit.com/Troubleshooting.
>>>>>>>>
>>>>>>>> Semen Vadishev,
>>>>>>>> TMate Software,
>>>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Sergey Udaltsov wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hello everybody
>>>>>>>>>
>>>>>>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>>>>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>>>>>>> our CA certificate. I tried the following:
>>>>>>>>> - adding our CA to the JRE cacerts file
>>>>>>>>> - using subversion/servers file:
>>>>>>>>> ssl-authority-files = /path/to/CAcert.pem
>>>>>>>>> ssl-trust-default-ca = yes
>>>>>>>>>
>>>>>>>>> Still, inside eclipse I am getting the error:
>>>>>>>>> The certificate was not issued by a trusted authority. Use the
>>>>>>>>> fingerprint to validate the certificate manually!
>>>>>>>>>
>>>>>>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>>>>>>
>>>>>>>>> Thank you,
>>>>>>>>>
>>>>>>>>> Sergey Udaltsov
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>
>>>>
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Alexander Kitaev-3 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello Sergey,

> May be, some build options are missing?
I think this could be a Subversive problem - you may like to report this
problem to Subversive developers. I think what could theoretically help
is deleting old versions of SVNKit plugin and restarting Eclipse with
"-clean" option.

Or you may give Subclipse a try - updating SVNKit from update site
(archived or not) usually works with Subclipse.

Alexander Kitaev,
TMate Software,
http://svnkit.com/ - Java [Sub]Versioning Library!

Sergey Udaltsov wrote:

>> The fix is already merged into 1.3.x branch, so please download SVNKit
>> distribution of Eclipse plugin from our build server at
>> https://teamcity.svnkit.com/repository/download/bt22/6557:id/deploy/org.tmatesoft.svn_1.3.0.6042.eclipse.zip
>> Log in as guest if prompted.
> I just did. The installation went smoothly - but still Subversive SVN
> Team provide does not recognize that package. In the list of installed
> software, I see the old "SVNKit 1.3.0 Implementation (Optional)" used
> by Subversive, and there is also newly instaled "SVNKit Library" not
> used by anything :(
> May be, some build options are missing?
>
> I can provide small screenshot, if it is allowed by the maillist policy.
>
> Sergey
>> Thanks a lot for your report and help debugging the issue!
>>
>> Semen Vadishev,
>> TMate Software,
>> http://svnkit.com/ - Java [Sub]Versioning Library!
>> http://sqljet.com/ - Java SQLite Library!
>>
>>
>>
>> Sergey Udaltsov wrote:
>>> Just a side note. It works now as a standalone app jsvn. I could not
>>> make that code run in Eclipse - for some reason, Subversive SVN Team
>>> Provider does not pick that new version - even though it is listed as
>>> installed.
>>>
>>> Sergey
>>>
>>> On Thu, Aug 27, 2009 at 12:44 AM, Sergey
>>> Udaltsov<sergey.udaltsov@...> wrote:
>>>
>>>> Hello Semen
>>>>
>>>> You know what - that seems to be working! Pray tell me, what did you
>>>> do? Anyway, great job! Thanks.
>>>> Would you release an update to be installable using standard Eclipse
>>>> way (as plugin)? I would need that code to work for my colleagues, and
>>>> I feel uncomfortable just providing them with some obscure jar, you
>>>> know;)
>>>>
>>>> Cheers,
>>>>
>>>> Sergey
>>>>
>>>> On Thu, Aug 27, 2009 at 12:27 AM, Semen
>>>> Vadishev<semen.vadishev@...> wrote:
>>>>
>>>>> Hello Sergey,
>>>>>
>>>>> I've made some changes related to server certificate processing, could
>>>>> you please check them?
>>>>>
>>>>> These changes are available at 1.3.x-ca branch of SVNKit. Unfortunately
>>>>> I'm not able to create additional configuration on our build server, so
>>>>> could you please checkout/switch to
>>>>> https://svn.svnkit.com/repos/svnkit/branches/1.3.x-ca and build it
>>>>> locally? Please follow instructions from here --
>>>>> https://wiki.svnkit.com/Building_SVNKit. Don't forget to pass correct
>>>>> ECLIPSE_HOME property.
>>>>>
>>>>> If you experience any sort of problems building SVNKit, I can send you
>>>>> my own build.
>>>>>
>>>>> These changes are supposed to be just a workaround but not complete
>>>>> solution. To make SVNKit work correctly you should turn
>>>>> "ssl-trust-default-ca" on and add CA certificate to
>>>>> $JAVA_HOME/lib/security/cacerts keystore (well, you already did that).
>>>>> Please check that Eclipse runs under the same JAVA_HOME location.
>>>>>
>>>>> I don't think that the problem is JDK bug, but we definitely have to
>>>>> contact Sun's support to clarify that behavior.
>>>>>
>>>>> Semen Vadishev,
>>>>> TMate Software,
>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>
>>>>>
>>>>>
>>>>> Sergey Udaltsov wrote:
>>>>>
>>>>>> Can it be a bug in JRE? Should we file that bug on sun.com?
>>>>>>
>>>>>> Sergey
>>>>>>
>>>>>> On Wed, Aug 26, 2009 at 11:24 AM, Semen
>>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>>
>>>>>>
>>>>>>> Hello Sergey,
>>>>>>>
>>>>>>> I've managed to reproduce the issue on my OS X box. You are right, the
>>>>>>> reason is that SVNKit doesn't pass available certificates via
>>>>>>> TrustManager implementation since getAcceptedIssuers is not called by
>>>>>>> SSL socket layer (there was actually one more bug with properties
>>>>>>> processing, but the issue is still reproducible after the fix). I'm
>>>>>>> still looking for solution for the problem but with no success so far.
>>>>>>>
>>>>>>> Semen Vadishev,
>>>>>>> TMate Software,
>>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Sergey Udaltsov wrote:
>>>>>>>
>>>>>>>
>>>>>>>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>>>>>>>> log of "jsvn checkout ...":
>>>>>>>>
>>>>>>>> http://pastebin.com/m35be4ab9
>>>>>>>>
>>>>>>>> I also put some more debugging and found out that
>>>>>>>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>>>>>>>> is not being called by java internal classes, for some reason. As a
>>>>>>>> result, CA certificates are not being read at all.
>>>>>>>>
>>>>>>>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>>>>>>>> stuck, cannot understand why that happens... Could please anybody
>>>>>>>> check if that method is being called (just put System.err.println
>>>>>>>> inside)?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Sergey
>>>>>>>>
>>>>>>>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>>>>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hello Sergey,
>>>>>>>>>
>>>>>>>>> Could you please also run Eclipse in debug mode and send available logs
>>>>>>>>> back to us? It should help to understand if the problem is IO failure.
>>>>>>>>>
>>>>>>>>> Find necessary information on getting connection log here --
>>>>>>>>> https://wiki.svnkit.com/Troubleshooting.
>>>>>>>>>
>>>>>>>>> Semen Vadishev,
>>>>>>>>> TMate Software,
>>>>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Sergey Udaltsov wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hello everybody
>>>>>>>>>>
>>>>>>>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>>>>>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>>>>>>>> our CA certificate. I tried the following:
>>>>>>>>>> - adding our CA to the JRE cacerts file
>>>>>>>>>> - using subversion/servers file:
>>>>>>>>>> ssl-authority-files = /path/to/CAcert.pem
>>>>>>>>>> ssl-trust-default-ca = yes
>>>>>>>>>>
>>>>>>>>>> Still, inside eclipse I am getting the error:
>>>>>>>>>> The certificate was not issued by a trusted authority. Use the
>>>>>>>>>> fingerprint to validate the certificate manually!
>>>>>>>>>>
>>>>>>>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>>>>>>>
>>>>>>>>>> Thank you,
>>>>>>>>>>
>>>>>>>>>> Sergey Udaltsov
>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>
>>>>>
>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

It seems it is really Subversive problem, it cannot pick your package
- I guess, they have their own interfaces and wrapper around your
code. At the same time, Subclipse picks it just fine. Just in case
someone would wonder...

Cheers,

Sergey

On Thu, Aug 27, 2009 at 8:28 PM, Alexander
Kitaev<Alexander.Kitaev@...> wrote:

> Hello Sergey,
>
>> May be, some build options are missing?
> I think this could be a Subversive problem - you may like to report this
> problem to Subversive developers. I think what could theoretically help
> is deleting old versions of SVNKit plugin and restarting Eclipse with
> "-clean" option.
>
> Or you may give Subclipse a try - updating SVNKit from update site
> (archived or not) usually works with Subclipse.
>
> Alexander Kitaev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
>
> Sergey Udaltsov wrote:
>>> The fix is already merged into 1.3.x branch, so please download SVNKit
>>> distribution of Eclipse plugin from our build server at
>>> https://teamcity.svnkit.com/repository/download/bt22/6557:id/deploy/org.tmatesoft.svn_1.3.0.6042.eclipse.zip
>>> Log in as guest if prompted.
>> I just did. The installation went smoothly - but still Subversive SVN
>> Team provide does not recognize that package. In the list of installed
>> software, I see the old "SVNKit 1.3.0 Implementation (Optional)" used
>> by Subversive, and there is also newly instaled "SVNKit Library" not
>> used by anything :(
>> May be, some build options are missing?
>>
>> I can provide small screenshot, if it is allowed by the maillist policy.
>>
>> Sergey
>>> Thanks a lot for your report and help debugging the issue!
>>>
>>> Semen Vadishev,
>>> TMate Software,
>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>> http://sqljet.com/ - Java SQLite Library!
>>>
>>>
>>>
>>> Sergey Udaltsov wrote:
>>>> Just a side note. It works now as a standalone app jsvn. I could not
>>>> make that code run in Eclipse - for some reason, Subversive SVN Team
>>>> Provider does not pick that new version - even though it is listed as
>>>> installed.
>>>>
>>>> Sergey
>>>>
>>>> On Thu, Aug 27, 2009 at 12:44 AM, Sergey
>>>> Udaltsov<sergey.udaltsov@...> wrote:
>>>>
>>>>> Hello Semen
>>>>>
>>>>> You know what - that seems to be working! Pray tell me, what did you
>>>>> do? Anyway, great job! Thanks.
>>>>> Would you release an update to be installable using standard Eclipse
>>>>> way (as plugin)? I would need that code to work for my colleagues, and
>>>>> I feel uncomfortable just providing them with some obscure jar, you
>>>>> know;)
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Sergey
>>>>>
>>>>> On Thu, Aug 27, 2009 at 12:27 AM, Semen
>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>
>>>>>> Hello Sergey,
>>>>>>
>>>>>> I've made some changes related to server certificate processing, could
>>>>>> you please check them?
>>>>>>
>>>>>> These changes are available at 1.3.x-ca branch of SVNKit. Unfortunately
>>>>>> I'm not able to create additional configuration on our build server, so
>>>>>> could you please checkout/switch to
>>>>>> https://svn.svnkit.com/repos/svnkit/branches/1.3.x-ca and build it
>>>>>> locally? Please follow instructions from here --
>>>>>> https://wiki.svnkit.com/Building_SVNKit. Don't forget to pass correct
>>>>>> ECLIPSE_HOME property.
>>>>>>
>>>>>> If you experience any sort of problems building SVNKit, I can send you
>>>>>> my own build.
>>>>>>
>>>>>> These changes are supposed to be just a workaround but not complete
>>>>>> solution. To make SVNKit work correctly you should turn
>>>>>> "ssl-trust-default-ca" on and add CA certificate to
>>>>>> $JAVA_HOME/lib/security/cacerts keystore (well, you already did that).
>>>>>> Please check that Eclipse runs under the same JAVA_HOME location.
>>>>>>
>>>>>> I don't think that the problem is JDK bug, but we definitely have to
>>>>>> contact Sun's support to clarify that behavior.
>>>>>>
>>>>>> Semen Vadishev,
>>>>>> TMate Software,
>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>
>>>>>>
>>>>>>
>>>>>> Sergey Udaltsov wrote:
>>>>>>
>>>>>>> Can it be a bug in JRE? Should we file that bug on sun.com?
>>>>>>>
>>>>>>> Sergey
>>>>>>>
>>>>>>> On Wed, Aug 26, 2009 at 11:24 AM, Semen
>>>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Hello Sergey,
>>>>>>>>
>>>>>>>> I've managed to reproduce the issue on my OS X box. You are right, the
>>>>>>>> reason is that SVNKit doesn't pass available certificates via
>>>>>>>> TrustManager implementation since getAcceptedIssuers is not called by
>>>>>>>> SSL socket layer (there was actually one more bug with properties
>>>>>>>> processing, but the issue is still reproducible after the fix). I'm
>>>>>>>> still looking for solution for the problem but with no success so far.
>>>>>>>>
>>>>>>>> Semen Vadishev,
>>>>>>>> TMate Software,
>>>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Sergey Udaltsov wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> I downloaded standalone svnkit, to make debugging simpler. Here is the
>>>>>>>>> log of "jsvn checkout ...":
>>>>>>>>>
>>>>>>>>> http://pastebin.com/m35be4ab9
>>>>>>>>>
>>>>>>>>> I also put some more debugging and found out that
>>>>>>>>> org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.getAcceptedIssuers
>>>>>>>>> is not being called by java internal classes, for some reason. As a
>>>>>>>>> result, CA certificates are not being read at all.
>>>>>>>>>
>>>>>>>>> It is reproducible on both Linux53 and Win2003. Now I am kind of
>>>>>>>>> stuck, cannot understand why that happens... Could please anybody
>>>>>>>>> check if that method is being called (just put System.err.println
>>>>>>>>> inside)?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Sergey
>>>>>>>>>
>>>>>>>>> On Fri, Aug 21, 2009 at 2:52 PM, Semen
>>>>>>>>> Vadishev<semen.vadishev@...> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hello Sergey,
>>>>>>>>>>
>>>>>>>>>> Could you please also run Eclipse in debug mode and send available logs
>>>>>>>>>> back to us? It should help to understand if the problem is IO failure.
>>>>>>>>>>
>>>>>>>>>> Find necessary information on getting connection log here --
>>>>>>>>>> https://wiki.svnkit.com/Troubleshooting.
>>>>>>>>>>
>>>>>>>>>> Semen Vadishev,
>>>>>>>>>> TMate Software,
>>>>>>>>>> http://svnkit.com/ - Java [Sub]Versioning Library!
>>>>>>>>>> http://sqljet.com/ - Java SQLite Library!
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Sergey Udaltsov wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Hello everybody
>>>>>>>>>>>
>>>>>>>>>>> I am trying to use svnkit (inside eclipse ganimede) with Subversion
>>>>>>>>>>> over HTTPS. Our company is using internal CA. I cannot make svnkit see
>>>>>>>>>>> our CA certificate. I tried the following:
>>>>>>>>>>> - adding our CA to the JRE cacerts file
>>>>>>>>>>> - using subversion/servers file:
>>>>>>>>>>> ssl-authority-files = /path/to/CAcert.pem
>>>>>>>>>>> ssl-trust-default-ca = yes
>>>>>>>>>>>
>>>>>>>>>>> Still, inside eclipse I am getting the error:
>>>>>>>>>>> The certificate was not issued by a trusted authority. Use the
>>>>>>>>>>> fingerprint to validate the certificate manually!
>>>>>>>>>>>
>>>>>>>>>>> Any way to debug/troubleshoot/workaround the situation?
>>>>>>>>>>>
>>>>>>>>>>> Thank you,
>>>>>>>>>>>
>>>>>>>>>>> Sergey Udaltsov
>>>>>>>>>>>
>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>>>
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>>> For additional commands, e-mail: svnkit-users-help@...
>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>>> For additional commands, e-mail: svnkit-users-help@...
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
>> For additional commands, e-mail: svnkit-users-help@...
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svnkit-users-unsubscribe@...
> For additional commands, e-mail: svnkit-users-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

As a followup, just in case anyone here is interested. I registered a
bug report against Subversive not being able to pick freshly built and
installed SVNKit:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=288411

Cheers,

Sergey

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...


Re: svnkit, https, ca

by Sergey Udaltsov :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

There is an interesting statement in that bug:

"We proposed SVNKit to apply our changes, but they refused and so we
have current situation."

Could please anyone tell me, what was the story?

Thanks,

Sergey

On Wed, Sep 2, 2009 at 10:35 PM, Sergey
Udaltsov<sergey.udaltsov@...> wrote:

> As a followup, just in case anyone here is interested. I registered a
> bug report against Subversive not being able to pick freshly built and
> installed SVNKit:
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=288411
>
> Cheers,
>
> Sergey
>

---------------------------------------------------------------------
To unsubscribe, e-mail: svnkit-users-unsubscribe@...
For additional commands, e-mail: svnkit-users-help@...

Free embeddable forum powered by Nabble Forum Help