English 中文(简体)
Why am I getting handshake_failure with Java SSL cert?
原标题:

I m trying to use Hudson (which uses SVNKit) to access a Subversion repository that requires a client certificate to access it. I can access the same repository using the same client certificate via Eclipse (also using SVNKit).

When Hudson tries to check out the repository, it fails with:

org.tmatesoft.svn.core.SVNException: svn: Received fatal alert: handshake_failure

Hudson is running under Tomcat, so I turned on ssl debugging in the Tomcat log (-Djavax.net.debug=ssl).

At the end of the handshake I see:

*** ServerHelloDone
Executor #0 for master : executing eMASS integration #3, SEND SSLv3 ALERT:  warning, description = no_certificate

I m not sure if that is the crux of the problem or not.

That follows a list of Cert Authorities. I made sure the server s cert root issuer is imported in my cacerts, as well as the intermediate issuer. I still get the same problem.

Any ideas for what to look at?

The log is on pastebin.

最佳回答

There were several bugs in Hudson s subversion plugin involving dealing with SSL certs and their passwords. Here s the one I reported, which they have fixed: http://issues.hudson-ci.org/browse/HUDSON-5230. So now, it should properly save the cert you upload.

Upgrade to the latest version of Hudson (Hudson ver. 1.342 or later) and also the latest version of the subversion plugin (1.10, available at https://hudson.dev.java.net/servlets/ProjectDocumentView?documentID=147307&showInfo=true). To install this plugin, download the subversion.hpi file, then in Hudson go to Manage Hudson -> Manage Plugins -> Advanced, and upload it. Then you need to restart Hudson.

问题回答

Alexey had the right idea.

Log:

SEND SSLv3 ALERT:  warning, description = no_certificate

This was discussed in the Java Programming forum.

Maybe your eclipse and Hudson start with different JREs (client JRE vs. JDK JRE?). Every JRE has its own keystore. This can get quit confusing to configure.

I had the same problem on my Ubuntu server. Installation of certificates did not help. The solution was to chage the default Java (java-6-openjdk) to Sun Java (java-6-sun).

I don`t know exactly, but may be it helps. May be you need to add cerificate to jvm using keystore





相关问题
Spring Properties File

Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...

Logging a global ID in multiple components

I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...

Java Library Size

If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...

How to get the Array Class for a given Class in Java?

I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....

SQLite , Derby vs file system

I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...

热门标签