On 04 Feb 2013, at 10:35 PM, Alexander Kitaev <kit...@gmail.com> wrote:
> SVNKit does support client SSL certificates (at lease those in pkcs 12 > format). > By default SVNKit relies on Subversion configuration, in particular > ~/.subversion/servers file where client certificates may be specified: > > [groups] > myserver=svn.server.net > > [myserver] > ssl-client-cert-file=/home/user/cert.p12 > ssl-client-cert-password=passphrase > > However, Jenkins may configure SVNKit to use different configuration > file or to only use options provided by Jenkins at the runtime. Also > note, that default configuration is that of the user on whose behalf > Jenkins is ran, not your default configuration. Is there a definitive description of exactly what the Jenkins Subversion plugin does with configuring svnkit? First prize for me is for the Subversion Plugin to simply execute the native svn client and rely on svn's default behaviour. If I am forced to use svnkit, then ideally my first prize there would be again if svnkit just relied on the default behaviour, and picked up configuration from ~/.subversion. At this point svn checkouts are working (with a hack to work around broken SNI support), but I have no idea what I did to make them work, and I have no confidence a second job on this slave will work, or a second slave. The actual effective configuration is a mystery. > To make sure SVNKit does work fine with you server, please download > SVNKit "standalone" package from http://svnkit.com/download/ then > unpack an archive and run "jsvn info https://yoursvnserver";. SVNKit > command line client will use your Subversion configuration and should > work fine with most servers in case native Subversion works I tried this, and "jsvn checkout [url] path" hangs solid, and won't shut down in response to ^C. The native svn client works fine. > SVNKit creates standard SSL socket and provides custom implementation > of the TrustManager (to provide and accept certificates). > What particular options you think are not supported? Server Name Indication (SNI). The native subversion client performs SNI correctly out of the box, as does Java 7. Svnkit doesn't set the name of the host as required, and so doesn't work. Regards, Graham --
smime.p7s
Description: S/MIME cryptographic signature
