| Anonymous | Login | Signup for a new account | 2010-09-10 02:46 MSD |
| Main | My View | View Issues | Change Log | Roadmap | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | |||||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
| 0000271 | [SVNKit] bug | major | always | 2008-10-02 01:17 | 2010-03-25 06:43 | |||||||
| Reporter | cavanaug | View Status | public | |||||||||
| Assigned To | oka | |||||||||||
| Priority | normal | Resolution | open | |||||||||
| Status | assigned | Product Version | 1.2.0 | |||||||||
| Summary | 0000271: SSL Client certificates with blank/no password dont work (Incompatibility with svn) | |||||||||||
| Description |
While I realize that having client certificates with blank passwords is not a good idea, the functionality does work with svn, tortoisesvn, etc. I have a client certificate called nopassword.p12 and it was encoded with no export password. In my servers file the following do not work with svnkit/jsvn, but *do* work with svn or tortoisesvn. [groupX] ssl-client-cert-file = nopassword.p12 ssl-client-cert-password = or [groupX] ssl-client-cert-file = nopassword.p12 but if I reencode the p12 from my pem file with an export password everything works [groupX] ssl-client-cert-file = withpassword.p12 ssl-client-cert-password = samplepassword |
|||||||||||
| Additional Information |
I originally found this via usage of Hudson which uses svnkit, but the jsvn commandline doesnt work either, so I figured I should submit the defect to the right place. I marked severity as major since it is an incompatibility with svn, which I presumed was important to maintain. If thats not the right level, my apologies. |
|||||||||||
| Tags | No tags attached. | |||||||||||
| planned for version | 1.2.x | |||||||||||
| Attached Files | ||||||||||||
|
|
||||||||||||
 Relationships |
|
|
Notes |
|
|
(0000509) oka (administrator) 2008-10-03 19:17 |
Hello, Thank you for reporting this issue. AFAIR, no-passphrase protected certificates worked for me. Could it happen that you have another certificate and passphrase defined in the [global] group or in system global configuration file (/etc/subversion/servers)? Also, empty passphrase ("") and no passphrase (null) could be treated differently by Java certificate loader. I'm not saying there is no bug, but would like to get more details on the problem. |
|
(0000510) cavanaug (reporter) 2008-10-06 07:40 |
Good question on empty vs null. Honestly, when I exported them using openssl I just hit return at the prompt for password, so I dont know what it used, presumably empty??? Im traveling for a couple days but Ill try to get some additional information to you. Ill plan on providing the following. - Full copy of svn servers file - Shell window history of using regular svn, and jsvn showing success/failures Is there anything else I can do in terms of turning on specially logging/debugging in jsvn so I can provide better diagnostic information?? |
|
(0000512) oka (administrator) 2008-10-11 01:23 |
Hello, After some additional investigations I figured out that inability to load SSL certificate without password is JDK bug, still not fixed in JDK 1.6. However, I think we could workaround this problem providing custom implementation for one of SSL-related interface. What I miss is a server with SSL client cert authentication enabled. I tried to set up one - but strangely it allows me to log in both with certificate and without, so I couldn't really say whether my workaround works well. Is it possible to get test RO access to your repository with unprotected client certificate? This will help a log in fixing this problem. Thanks! |
|
(0000796) cavanaug (reporter) 2010-03-25 06:43 |
After further examination this appears to be a problem with PKCS12 certificates that: Have a blank passphrase *or* Have a blank export password I think the only recommendation now is to document this somewhere and to generate a useful error message (via jsvn) if certificates are encountered like that. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-10-02 01:17 | cavanaug | New Issue | |
| 2008-10-02 02:08 | oka | Status | new => assigned |
| 2008-10-02 02:08 | oka | Assigned To | => oka |
| 2008-10-03 19:17 | oka | Note Added: 0000509 | |
| 2008-10-06 07:40 | cavanaug | Note Added: 0000510 | |
| 2008-10-11 01:23 | oka | Note Added: 0000512 | |
| 2010-03-25 06:43 | cavanaug | Note Added: 0000796 | |
| Mantis 1.1.0[^] Copyright © 2000 - 2007 Mantis Group |  |
