Hello Graham, > First off, does svnkit support client certificates, and if so, how do you > configure them? > I have not found any clear documentation for this. Am I right in guessing > that svnkit uses the same configuration files as the native subversion > command line client (which works fine)?
SVNKit does support client SSL certificates (at lease those in pkcs 12 format). By default SVNKit relies on Subversion configuration, in particular ~/.subversion/servers file where client certificates may be specified: [groups] myserver=svn.server.net [myserver] ssl-client-cert-file=/home/user/cert.p12 ssl-client-cert-password=passphrase However, Jenkins may configure SVNKit to use different configuration file or to only use options provided by Jenkins at the runtime. Also note, that default configuration is that of the user on whose behalf Jenkins is ran, not your default configuration. To make sure SVNKit does work fine with you server, please download SVNKit "standalone" package from http://svnkit.com/download/ then unpack an archive and run "jsvn info https://yoursvnserver";. SVNKit command line client will use your Subversion configuration and should work fine with most servers in case native Subversion works > Secondly, does svnkit do anything special to the connection handling that > would stop Java's ordinary SSL handling from working using -D options? > Passing the same -D options that work with maven to the java process running > svnkit doesn't seem to make a difference. SVNKit creates standard SSL socket and provides custom implementation of the TrustManager (to provide and accept certificates). What particular options you think are not supported? Alexander Kitaev, TMate Software, http://subgit.com/ - Svn to Git Migration! http://svnkit.com/ - Java [Sub]Versioning Library! http://hg4j.com/ - Java Mercurial Library! http://sqljet.com/ - Java SQLite Library! On 4 February 2013 14:46, Graham Leggett <minf...@sharp.fm> wrote: > Hi all, > > I am currently trying to get Jenkins to talk to an svn repository secured by > client certificates, and am not getting anything more useful out of the > process than the following: > > Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection > during handshake > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328) > at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702) > at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) > at > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) > at > org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:313) > > First off, does svnkit support client certificates, and if so, how do you > configure them? I have not found any clear documentation for this. Am I right > in guessing that svnkit uses the same configuration files as the native > subversion command line client (which works fine)? > > Secondly, does svnkit do anything special to the connection handling that > would stop Java's ordinary SSL handling from working using -D options? > Passing the same -D options that work with maven to the java process running > svnkit doesn't seem to make a difference. > > Lastly, does svnkit do anything that would break Java7's native support for > SNI? > > Regards, > Graham > -- >
