I have subversion and apache configured to use an FIPS 140-2 complaint SSL, BUT when I run apache in FIPS mode, my SVN Kit clients cannot connect (works fine in non FIPS mode)....see below
Somehow I guess I need to run SVN Kit with a FIPS complaint java ssl implementation?? Sep 26, 2011 8:20:10 AM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger info FINE: Keep-Alive timeout detected Sep 26, 2011 8:20:10 AM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: SENT PROPFIND /cm_repo1/NAISWeb_Release HTTP/1.1^M Host: subversion.nist.gov^M User-Agent: SVNKit 1.1.7 (http://svnkit.com/) r4142^M Keep-Alive:^M Connection: TE, Keep-Alive^M TE: trailers^M Content-Length: 300^M Accept-Encoding: gzip^M Content-Type: text/xml; charset="utf-8"^M Depth: 0^M ^M Sep 26, 2011 8:20:10 AM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger info FINE: Remote host closed connection during handshake javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at org.tmatesoft.svn.core.internal.util.SVNLogOutputStream.flush(SVNLogOutputStream.java:52) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:199) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:158) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:299) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:245) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:233) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.doPropfind(DAVConnection.java:97) at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getProperties(DAVUtil.java:57) at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getResourceProperties(DAVUtil.java:62) at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getStartingProperties(DAVUtil.java:92) at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.findStartingProperties(DAVUtil.java:114) at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getBaselineProperties(DAVUtil.java:199) at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getBaselineInfo(DAVUtil.java:162) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.checkPath(DAVRepository.java:186) at SVNCheckout.main(SVNCheckout.java:142) Caused by: java.io.EOFException: SSL peer shut down incorrectly at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1139) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) at org.tmatesoft.svn.core.internal.util.SVNLogOutputStream.flush(SVNLogOutputStream.java:52) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:199) Alexander Sinyushkin wrote: > > Hello Sam, > > can you provide us your FIPS apache2 SVN server configuration details > (modules, config file). Do you have a proper debug log level in apache? > Are you sure you try to connect to the very apache, which logs according > to your description remain empty? Can you please switch on svnkit logs > (https://wiki.svnkit.com/Troubleshooting) and see, what's written to a > log file. > > ---- > Alexander Sinyushkin, > TMate Software, > http://svnkit.com/ - Java [Sub]Versioning Library! > > Sam theman wrote: >> Hello, >> >> I am trying to run one of the java client examples >> "DisplayRepositoryTree.java" , and I can run it successfully to any >> non-FIPS apache2 SVN repository server, BUT when I try to point the same >> client code at a FIPS complaint apache2 SVN server, the SVNKit client >> just hangs. Nothing in the apache2 logs. >> >> So how is SSL handled with the SVNKit SSL engine? and can I just point >> it at a FIPS openssl, or some other FIPS ssl engine? >> >> Ed >> >> ------------------------------------------------------------------------ >> Insert movie times and more without leaving HotmailĀ®. See how. >> <http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- View this message in context: http://old.nabble.com/Error-when-trying-to-connect-SVNKit--client-to-FIPS-Apache-tp24361212p32503939.html Sent from the SVNKit - Users mailing list archive at Nabble.com.
