Hello, With SVNKit 1.3.6 you need to write like this:
ISVNAuthenticationManager authManager = SVNWCUtil.createDefaultAuthenticationManager(userName, password); SVNClientManager manager = SVNClientManager.newInstance(options, authManager); Alexander Kitaev, TMate Software, http://svnkit.com/ - Java [Sub]Versioning Library! http://hg4j.com/ - Java Mercurial Library! http://sqljet.com/ - Java SQLite Library! On 28 September 2011 21:41, Sam Theman <[email protected]> wrote: > Hi Alexander, > I think I have a test case working such that my svn kit client connects to a > FIPS server, but now have to upgrade my svn kit clients from 1.1.7 to 1.3.6, > and am getting this, can you advise? > $ javac SVNCheckout.java > SVNCheckout.java:74: cannot find symbol > symbol : method > newInstance(org.tmatesoft.svn.core.wc.ISVNOptions,java.lang.String,java.lang.String) > location: class org.tmatesoft.svn.core.wc.SVNClientManager > ourClientManager = SVNClientManager.newInstance(options, name, > password); > ^ > Note: SVNCheckout.java uses or overrides a deprecated API. > >> Date: Wed, 28 Sep 2011 20:08:18 +0400 >> Subject: Re: >> From: [email protected] >> To: [email protected] >> >> Hello Sam, >> >> What version of SVNKit are you using? Could you please try v1.3.6 that >> we've just uploaded to the SVNKit web site (http://svnkit.com/). >> Thanks! >> >> >> Alexander Kitaev, >> TMate Software, >> http://svnkit.com/ - Java [Sub]Versioning Library! >> http://hg4j.com/ - Java Mercurial Library! >> http://sqljet.com/ - Java SQLite Library! >> >> >> On 27 September 2011 22:56, Sam Theman <[email protected]> wrote: >> > >> > Hello Alexander, >> > >> > I think I found the issue. Your SVN Kit Class >> > >> > org.tmatesoft.svn.core.internal.wc.DefaultSVNSSLManager.getSSLContext >> > >> > is specifically requesting SSLV3... anyway to change this? >> > >> > Sam >> > >> > public SSLContext getSSLContext() throws IOException { >> > >> > 145 >> > >> > try { >> > >> > 146 >> > >> > SSLContext context = SSLContext.getInstance("SSLv3"); >> > >> > 147 >> > >> > >> > context.init(getKeyManagers(), new TrustManager[] {new X509TrustManager() { >> > >> > 148 >> > >> > public X509Certificate[] getAcceptedIssuers() { >> > >> > 149 >> > >> > init(); >> > >> > 150 >> > >> > return myTrustedCerts; >> > >> > 151 >> > >> > } >> > >> > > Date: Mon, 26 Sep 2011 21:25:54 +0200 >> > > Subject: Re: Need information about configuring SSL/HTTPS with SVN >> > > Kit... >> > > From: [email protected] >> > > To: [email protected] >> > > >> > > Hello, >> > > >> > > SVNKit relies on JRE SSL support, so I suppose FIPS should be >> > > configured on the JRE level. >> > > I found a relevant article at >> > > http://blogs.oracle.com/xuelei/entry/fips_140_compliant_mode_for >> > > >> > > Also, I'd recommend to use the latest version of SVNKit from 1.3.x >> > > branch or v1.3.6 which is already deployed to our maven repository and >> > > will be available at our website tomorrow. >> > > >> > > Alexander Kitaev, >> > > TMate Software, >> > > http://svnkit.com/ - Java [Sub]Versioning Library! >> > > http://hg4j.com/ - Java Mercurial Library! >> > > http://sqljet.com/ - Java SQLite Library! >> > > >> > > >> > > >> > > On 26 September 2011 19:39, xray316 <[email protected]> wrote: >> > > > >> > > > Hello, >> > > > >> > > > We have an Apache server 2.2.19 and SVN 1.6.5 and SVN Kit >> > > > svnkit-1.1.7.4142. >> > > > client >> > > > >> > > > We have implemented FIPS SSL with apache. Our SVN client connects >> > > > fine to >> > > > the apache/SVN server.... BUT if we change the apache server FIPS >> > > > mode on >> > > > for SSL, the SVN client cannot conncect -since svn kit does not use >> > > > ssl that >> > > > is FIPS compliant. >> > > > >> > > > SVN Kit client tries to use a non-TLS1 protcol, and fails, see >> > > > below... >> > > > >> > > > How can we run SVN kit clients with FIPS enabled SSL? >> > > > >> > > > [Mon Sep 26 11:17:55 2011] [info] mod_ssl/2.2.19 compiled against >> > > > Server: >> > > > Apache/2.2.19, Library: OpenSSL/0.9.8r-fips >> > > > [Mon Sep 26 11:17:55 2011] [notice] Apache/2.2.19 (Unix) >> > > > mod_ssl/2.2.19 >> > > > OpenSSL/0.9.8r-fips DAV/2 SVN/1.6.17 configured -- resuming normal >> > > > operations >> > > > [Mon Sep 26 11:17:55 2011] [info] Server built: Jun 13 2011 15:16:50 >> > > > [Mon Sep 26 11:17:55 2011] [debug] prefork.c(1023): AcceptMutex: >> > > > sysvsem >> > > > (default: sysvsem) >> > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] Connection to child >> > > > 0 >> > > > established (server subversion.bart.com:443) >> > > > [Mon Sep 26 11:18:03 2011] [info] Seeding PRNG with 136 bytes of >> > > > entropy >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1866): >> > > > OpenSSL: >> > > > Handshake: start >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1874): >> > > > OpenSSL: Loop: >> > > > before/accept initialization >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1897): OpenSSL: >> > > > read >> > > > 11/11 bytes from BIO#8530df0 [mem: 8540b00] (BIO dump follows) >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1830): >> > > > >> > > > +-------------------------------------------------------------------------+ >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1869): | 0000: 16 >> > > > 03 00 >> > > > 00 51 01 00 00-4d 03 ....Q...M. | >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1873): | 0011 - >> > > > <SPACES/NULS> >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1875): >> > > > >> > > > +-------------------------------------------------------------------------+ >> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1903): >> > > > OpenSSL: Exit: >> > > > error in SSLv2/v3 read client hello A >> > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] SSL library error 1 >> > > > in >> > > > handshake (server :443) >> > > > [Mon Sep 26 11:18:03 2011] [info] SSL Library Error: 336027945 >> > > > error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls allowed >> > > > in fips >> > > > mode >> > > > >> > > > -- >> > > > View this message in context: >> > > > http://old.nabble.com/Need-information-about-configuring-SSL-HTTPS-with-SVN-Kit...-tp32503957p32503957.html >> > > > Sent from the SVNKit - Users mailing list archive at Nabble.com. >> > > > >> > > > >> > > > >> > > >> >
