Hi, I'm facing to a certificate problem using SVNKit with Java 7 or 8. I have a maven plugin who check some Subversion items during a build (status ...) with SVNKit, works perfectly in Maven 3.2.x (Java 6 execution). With Maven 3.3.1 migration (=> Java 7 execution), any SVNKit operation get the error: "Certificates does not conform to algorithm constraints" (detailed stack in bottom)
SVNKit v1.8.7<http://search.maven.org/#artifactdetails|org.tmatesoft.svnkit|svnkit|1.8.7|jar> is used, https certificate information (part) is: AES256-SHA, key 2048 bit. I tried some tips from forums and http://svnkit.com/kb/user-guide-config-settings.html : 1) Install last available JDK (1.8.0_40) 2) Install UnlimitedJCEPolicyJDK8 (local_policy.jar & US_export_policy.jar replacement) ; 3) Blank properties jdk.certpath.disabledAlgorithms/jdk.tls.disabledAlgorithms in java.security file ; 4) Add "ssl-trust-default-ca = yes" in "%APPDATA%\Subversion\servers" file But no way ... I'm a little lost because this simple https url call works in Java 8: ---- String urlString = "https://scm.mycompanyinternet.com/svn/myrepo/trunk/myProject";; // Test content with simple HttpsURLConnection Authenticator.setDefault(new SimpleAuthenticator(proxyUserName, proxyPassword)); System.setProperty("https.proxyHost", proxyHost); System.setProperty("https.proxyPort", String.valueOf(proxyPort)); URL url = new URL(urlString); HttpsURLConnection con = (HttpsURLConnection) url.openConnection(); Assert.assertTrue(IOUtils.toString(con.getInputStream()).contains("pom.xml")); --- But on a simple SVNKit operation, any SVNClientManager.getXX fails (CertificateException with java 7/8), sample: --- String urlString = "https://scm.mycompanyinternet.com/svn/myrepo/trunk/myProject";; // Client initialization (proxy configured in '%APPDATA%\Subversion\servers' file) SVNClientManager clientManager = SVNClientManager.newInstance(SVNWCUtil.createDefaultOptions(true), SVNWCUtil.createDefaultAuthenticationManager(userName, password)); // Simple SVN list command and get content StringBuilder content = new StringBuilder(); clientManager.getLogClient().doList(SVNURL.parseURIEncoded(urlString), SVNRevision.HEAD, SVNRevision.HEAD, false, false, new ISVNDirEntryHandler() { @Override public void handleDirEntry(SVNDirEntry dirEntry) throws SVNException { content.append(dirEntry.getName()); } }); Assert.assertTrue(content.toString().contains("pom.xml")); --- Is there now a particular job todo for dealing with Certificate, or a Cipher manipulation? Thanks in Advance. Best regards. Alix. Java Stack trace: ---- org.tmatesoft.svn.core.SVNException: svn: E175002: SSL handshake failed: 'java.security.cert.CertificateException: Certificates does not conform to algorithm constraints' at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:64) at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:506) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375) [...] Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [...] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) [...] at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:325) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:170) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:474) ... 37 more Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1055) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:981) [...] ... 49 more ----
