Hello, I apologize for delay with the reply.
SVNKit relies on JVM SSL support, but also adds some custom configuration that might be the reason of the problem. Do you also have SSL proxy configured when SVNKit is used? By default SVNKit will read proxy settings from Subversion configuration file at ~/.subversion/servers on Linux or OS X or from %APPDATA%\Subversion\servers file - if not, then your plain Java test connects through proxy, while SVNKit bypass it - this could explain the problem. Alexander Kitaev, TMate Software, http://subgit.com/ - Svn to Git Migration! http://svnkit.com/ - Java [Sub]Versioning Library! http://hg4j.com/ - Java Mercurial Library! http://sqljet.com/ - Java SQLite Library! On 8 April 2015 at 17:11, ALIX LOURME <alix.lou...@mpsa.com> wrote: > Hi, > > > > I'm facing to a certificate problem using SVNKit with Java 7 or 8. > > I have a maven plugin who check some Subversion items during a build > (status ...) with SVNKit, works perfectly in Maven 3.2.x (Java 6 execution). > > With Maven 3.3.1 migration (=> Java 7 execution), any SVNKit operation get > the error: “*Certificates does not conform to algorithm constraints*” > (detailed stack in bottom) > > > > SVNKit v1.8.7 > <http://search.maven.org/#artifactdetails%7Corg.tmatesoft.svnkit%7Csvnkit%7C1.8.7%7Cjar> > is used, https certificate information (part) is: AES256-SHA, key 2048 bit. > > > > I tried some tips from forums and > http://svnkit.com/kb/user-guide-config-settings.html : > > 1) Install last available JDK (1.8.0_40) > > 2) Install *UnlimitedJCEPolicyJDK8* (local_policy.jar & > US_export_policy.jar replacement) ; > > 3) Blank properties *jdk.certpath.disabledAlgorithms*/ > *jdk.tls.disabledAlgorithms* in *java.security* file ; > > 4) Add “ssl-trust-default-ca = yes” in > “%APPDATA%\Subversion\servers” file > > > > But no way … > > > > I'm a little lost because this simple https url call works in Java 8: > > ---- > > String urlString = " > https://scm.mycompanyinternet.com/svn/myrepo/trunk/myProject";; > > > > // Test content with simple HttpsURLConnection > > Authenticator.*setDefault*(*new* SimpleAuthenticator(proxyUserName, > proxyPassword)); > > System.*setProperty*("https.proxyHost", proxyHost); > > System.*setProperty*("https.proxyPort", String.*valueOf*(proxyPort)); > > > > URL url = *new* URL(urlString); > > HttpsURLConnection con = (HttpsURLConnection) url.openConnection(); > > Assert.*assertTrue*(IOUtils.*toString*(con.getInputStream()).contains( > "pom.xml")); > > --- > > > > But on a simple SVNKit operation, any * SVNClientManager.getXX* fails ( > *CertificateException* with java 7/8), sample: > > --- > > String urlString = " > https://scm.mycompanyinternet.com/svn/myrepo/trunk/myProject";; > > > > // Client initialization (*proxy* configured in > '%APPDATA%\Subversion\servers' file) > > SVNClientManager clientManager = SVNClientManager.*newInstance*(SVNWCUtil. > *createDefaultOptions*(*true*), SVNWCUtil. > *createDefaultAuthenticationManager*(userName, password)); > > > > // Simple SVN list command and get content > > StringBuilder content = *new* StringBuilder(); > > clientManager.getLogClient().doList(SVNURL.*parseURIEncoded*(urlString), > SVNRevision.*HEAD*, SVNRevision.*HEAD*, *false*, *false*, > > * new* ISVNDirEntryHandler() { > > @Override > > *public* *void* handleDirEntry(SVNDirEntry dirEntry) *throws* > SVNException { > > content.append(dirEntry.getName()); > > } > > }); > > Assert.*assertTrue*(content.toString().contains("pom.xml")); > > --- > > > > Is there now a particular job todo for dealing with Certificate, or a > Cipher manipulation? > > > > Thanks in Advance. > > Best regards. > > Alix. > > > > Java Stack trace: > > ---- > > org.tmatesoft.svn.core.SVNException: svn: E175002: SSL handshake failed: > 'java.security.cert.CertificateException: Certificates does not conform to > algorithm constraints' > > at > org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:64) > > at > org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51) > > at > org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:506) > > at > org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375) > > […] > > Caused by: javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: Certificates does not conform to > algorithm constraints > > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > > […] > > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) > > […] > > at > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) > > at > org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:325) > > at > org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:170) > > at > org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:474) > > ... 37 more > > Caused by: java.security.cert.CertificateException: Certificates does not > conform to algorithm constraints > > at > sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1055) > > at > sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:981) > > […] > > ... 49 more > > ---- > > > > >
