tags:

views:

697

answers:

3
Q: 

Why am I getting handshake_failure with Java SSL cert?

I'm trying to use Hudson (which uses SVNKit) to access a Subversion repository that requires a client certificate to access it. I can access the same repository using the same client certificate via Eclipse (also using SVNKit).

When Hudson tries to check out the repository, it fails with:

org.tmatesoft.svn.core.SVNException: svn: Received fatal alert: handshake_failure

Hudson is running under Tomcat, so I turned on ssl debugging in the Tomcat log (-Djavax.net.debug=ssl).

At the end of the handshake I see:

*** ServerHelloDone
Executor #0 for master : executing eMASS integration #3, SEND SSLv3 ALERT:  warning, description = no_certificate

I'm not sure if that is the crux of the problem or not.

That follows a list of Cert Authorities. I made sure the server's cert root issuer is imported in my cacerts, as well as the intermediate issuer. I still get the same problem.

Any ideas for what to look at?

The log is on pastebin.

A: 

I don`t know exactly, but may be it helps. May be you need to add cerificate to jvm using keystore

Alexey Ogarkov  2009-11-06 14:32:33
A: 

Alexey had the right idea.

Log:

SEND SSLv3 ALERT:  warning, description = no_certificate

This was discussed in the Java Programming forum.

Maybe your eclipse and Hudson start with different JREs (client JRE vs. JDK JRE?). Every JRE has its own keystore. This can get quit confusing to configure.

Thomas Jung  2009-11-06 15:06:00
They are on different systems, so they are definitely different keystores. On Eclipse, where I can connect, I have added no certs to the cacert. On the Hudson box I have added the server cert issuing authorities to the cacert file.
CoverosGene  2009-11-06 15:30:04
Are these different JDK versions? The root certificates change from time to time.
Thomas Jung  2009-11-06 15:49:55
Both are JDK 1.6.0_17
CoverosGene  2009-11-06 16:29:31
+1  A: 

There were several bugs in Hudson's subversion plugin involving dealing with SSL certs and their passwords. Here's the one I reported, which they have fixed: http://issues.hudson-ci.org/browse/HUDSON-5230. So now, it should properly save the cert you upload.

Upgrade to the latest version of Hudson (Hudson ver. 1.342 or later) and also the latest version of the subversion plugin (1.10, available at https://hudson.dev.java.net/servlets/ProjectDocumentView?documentID=147307&showInfo=true). To install this plugin, download the subversion.hpi file, then in Hudson go to Manage Hudson -> Manage Plugins -> Advanced, and upload it. Then you need to restart Hudson.

commanda  2010-01-28 20:26:27
That was it. It now works for me.In the meantime, I had added my cert to the /var/lib/hudson/.subversion/servers file. See https://wiki.svnkit.com/SVNKit_specific_system_properties and http://svnbook.red-bean.com/en/1.5/svn.advanced.confarea.html#svn.advanced.confarea.opts.servers
CoverosGene  2010-01-29 17:16:19

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java