Hi Alexander,
I think I have a test case working such that my svn kit client connects to a
FIPS server, but now have to upgrade my svn kit clients from 1.1.7 to 1.3.6,
and am getting this, can you advise?
$ javac SVNCheckout.java
SVNCheckout.java:74: cannot find symbolsymbol : method
newInstance(org.tmatesoft.svn.core.wc.ISVNOptions,java.lang.String,java.lang.String)location:
class org.tmatesoft.svn.core.wc.SVNClientManager ourClientManager =
SVNClientManager.newInstance(options, name, password);
^Note: SVNCheckout.java uses or overrides a deprecated API.
> Date: Wed, 28 Sep 2011 20:08:18 +0400
> Subject: Re:
> From: [email protected]
> To: [email protected]
>
> Hello Sam,
>
> What version of SVNKit are you using? Could you please try v1.3.6 that
> we've just uploaded to the SVNKit web site (http://svnkit.com/).
> Thanks!
>
>
> Alexander Kitaev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
> http://hg4j.com/ - Java Mercurial Library!
> http://sqljet.com/ - Java SQLite Library!
>
>
> On 27 September 2011 22:56, Sam Theman <[email protected]> wrote:
> >
> > Hello Alexander,
> >
> > I think I found the issue. Your SVN Kit Class
> >
> > org.tmatesoft.svn.core.internal.wc.DefaultSVNSSLManager.getSSLContext
> >
> > is specifically requesting SSLV3... anyway to change this?
> >
> > Sam
> >
> > public SSLContext getSSLContext() throws IOException {
> >
> > 145
> >
> > try {
> >
> > 146
> >
> > SSLContext context = SSLContext.getInstance("SSLv3");
> >
> > 147
> >
> > context.init(getKeyManagers(), new TrustManager[] {new
> > X509TrustManager() {
> >
> > 148
> >
> > public X509Certificate[] getAcceptedIssuers() {
> >
> > 149
> >
> > init();
> >
> > 150
> >
> > return myTrustedCerts;
> >
> > 151
> >
> > }
> >
> > > Date: Mon, 26 Sep 2011 21:25:54 +0200
> > > Subject: Re: Need information about configuring SSL/HTTPS with SVN Kit...
> > > From: [email protected]
> > > To: [email protected]
> > >
> > > Hello,
> > >
> > > SVNKit relies on JRE SSL support, so I suppose FIPS should be
> > > configured on the JRE level.
> > > I found a relevant article at
> > > http://blogs.oracle.com/xuelei/entry/fips_140_compliant_mode_for
> > >
> > > Also, I'd recommend to use the latest version of SVNKit from 1.3.x
> > > branch or v1.3.6 which is already deployed to our maven repository and
> > > will be available at our website tomorrow.
> > >
> > > Alexander Kitaev,
> > > TMate Software,
> > > http://svnkit.com/ - Java [Sub]Versioning Library!
> > > http://hg4j.com/ - Java Mercurial Library!
> > > http://sqljet.com/ - Java SQLite Library!
> > >
> > >
> > >
> > > On 26 September 2011 19:39, xray316 <[email protected]> wrote:
> > > >
> > > > Hello,
> > > >
> > > > We have an Apache server 2.2.19 and SVN 1.6.5 and SVN Kit
> > > > svnkit-1.1.7.4142.
> > > > client
> > > >
> > > > We have implemented FIPS SSL with apache. Our SVN client connects fine
> > > > to
> > > > the apache/SVN server.... BUT if we change the apache server FIPS mode
> > > > on
> > > > for SSL, the SVN client cannot conncect -since svn kit does not use ssl
> > > > that
> > > > is FIPS compliant.
> > > >
> > > > SVN Kit client tries to use a non-TLS1 protcol, and fails, see below...
> > > >
> > > > How can we run SVN kit clients with FIPS enabled SSL?
> > > >
> > > > [Mon Sep 26 11:17:55 2011] [info] mod_ssl/2.2.19 compiled against
> > > > Server:
> > > > Apache/2.2.19, Library: OpenSSL/0.9.8r-fips
> > > > [Mon Sep 26 11:17:55 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19
> > > > OpenSSL/0.9.8r-fips DAV/2 SVN/1.6.17 configured -- resuming normal
> > > > operations
> > > > [Mon Sep 26 11:17:55 2011] [info] Server built: Jun 13 2011 15:16:50
> > > > [Mon Sep 26 11:17:55 2011] [debug] prefork.c(1023): AcceptMutex: sysvsem
> > > > (default: sysvsem)
> > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] Connection to child 0
> > > > established (server subversion.bart.com:443)
> > > > [Mon Sep 26 11:18:03 2011] [info] Seeding PRNG with 136 bytes of entropy
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL:
> > > > Handshake: start
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL:
> > > > Loop:
> > > > before/accept initialization
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1897): OpenSSL: read
> > > > 11/11 bytes from BIO#8530df0 [mem: 8540b00] (BIO dump follows)
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1830):
> > > > +-------------------------------------------------------------------------+
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1869): | 0000: 16 03
> > > > 00
> > > > 00 51 01 00 00-4d 03 ....Q...M. |
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1873): | 0011 -
> > > > <SPACES/NULS>
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1875):
> > > > +-------------------------------------------------------------------------+
> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL:
> > > > Exit:
> > > > error in SSLv2/v3 read client hello A
> > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] SSL library error 1 in
> > > > handshake (server :443)
> > > > [Mon Sep 26 11:18:03 2011] [info] SSL Library Error: 336027945
> > > > error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls allowed in
> > > > fips
> > > > mode
> > > >
> > > > --
> > > > View this message in context:
> > > > http://old.nabble.com/Need-information-about-configuring-SSL-HTTPS-with-SVN-Kit...-tp32503957p32503957.html
> > > > Sent from the SVNKit - Users mailing list archive at Nabble.com.
> > > >
> > > >
> > > >
> > >
>
