为什么我使用 Java SSL 证书时会收到握手失败?
我正在尝试使用 Hudson(它使用 SVNKit)来访问需要客户端证书才能访问的 Subversion 存储库。我可以通过 Eclipse 使用相同的客户端证书访问相同的存储库(也使用 SVNKit)。
当 Hudson 尝试检查存储库时,它失败并显示:
org.tmatesoft.svn.core.SVNException: svn: Received fatal alert: handshake_failure
Hudson 在 Tomcat 下运行,因此我在 Tomcat 日志中打开了 ssl 调试 (-Djavax.net.debug=ssl)。
在握手结束时,我看到:
*** ServerHelloDone
Executor #0 for master : executing eMASS integration #3, SEND SSLv3 ALERT: warning, description = no_certificate
我不确定这是否是问题的症结所在。
接下来是证书颁发机构列表。我确保服务器的证书根颁发者以及中间颁发者已导入到我的 cacerts 中。我仍然遇到同样的问题。
对于看什么有什么想法吗?
I'm trying to use Hudson (which uses SVNKit) to access a Subversion repository that requires a client certificate to access it. I can access the same repository using the same client certificate via Eclipse (also using SVNKit).
When Hudson tries to check out the repository, it fails with:
org.tmatesoft.svn.core.SVNException: svn: Received fatal alert: handshake_failure
Hudson is running under Tomcat, so I turned on ssl debugging in the Tomcat log (-Djavax.net.debug=ssl).
At the end of the handshake I see:
*** ServerHelloDone
Executor #0 for master : executing eMASS integration #3, SEND SSLv3 ALERT: warning, description = no_certificate
I'm not sure if that is the crux of the problem or not.
That follows a list of Cert Authorities. I made sure the server's cert root issuer is imported in my cacerts, as well as the intermediate issuer. I still get the same problem.
Any ideas for what to look at?
The log is on pastebin.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
Hudson 的 subversion 插件中存在几个涉及 SSL 证书及其密码处理的错误。这是我报告的问题,他们已修复:http://issues.hudson-ci .org/browse/HUDSON-5230。所以现在,它应该正确保存您上传的证书。
升级到最新版本的 Hudson(Hudson 版本 1.342 或更高版本)以及最新版本的 subversion 插件(1.10,可在 https://hudson.dev.java.net/servlets/ProjectDocumentView?documentID=147307&showInfo=true)。要安装此插件,请下载 subversion.hpi 文件,然后在 Hudson 中转到 Manage Hudson ->管理插件 ->进阶了,上传吧。然后你需要重新启动Hudson。
There were several bugs in Hudson's subversion plugin involving dealing with SSL certs and their passwords. Here's the one I reported, which they have fixed: http://issues.hudson-ci.org/browse/HUDSON-5230. So now, it should properly save the cert you upload.
Upgrade to the latest version of Hudson (Hudson ver. 1.342 or later) and also the latest version of the subversion plugin (1.10, available at https://hudson.dev.java.net/servlets/ProjectDocumentView?documentID=147307&showInfo=true). To install this plugin, download the subversion.hpi file, then in Hudson go to Manage Hudson -> Manage Plugins -> Advanced, and upload it. Then you need to restart Hudson.
阿列克谢的想法是正确的。
日志:
中对此进行了讨论
Java 编程论坛。
也许您的 eclipse 和 Hudson 从不同的 JRE 开始(客户端 JRE 与 JDK JRE?)。每个 JRE 都有自己的密钥库。这可能会导致配置变得混乱。
Alexey had the right idea.
Log:
This was discussed in the
Java Programming forum.
Maybe your eclipse and Hudson start with different JREs (client JRE vs. JDK JRE?). Every JRE has its own keystore. This can get quit confusing to configure.
我的 Ubuntu 服务器上也遇到了同样的问题。安装证书没有帮助。解决方案是将默认 Java (java-6-openjdk) 更改为 Sun Java (java-6-sun)。
I had the same problem on my Ubuntu server. Installation of certificates did not help. The solution was to chage the default Java (java-6-openjdk) to Sun Java (java-6-sun).
我不太清楚,但可能会有帮助。
可能您需要使用密钥库将证书添加到 jvm
I don`t know exactly, but may be it helps.
May be you need to add cerificate to jvm using keystore