Page 1 of 1

problem in deploying the svnwebclient in https protocol

Posted: Wed Nov 18, 2009 3:51 pm
by debasis
Hi All,
svn web client is working fine with http.but ours is https-url for the subversion.
in the web.xml gave the repository url-https://srv70.agi.com:8443/svn/TAC
i saw from the doc that i need to provide
ProtocolKeyFile - Path to user's certificate file
ProtocolPassPhrase - The password to ssl certificate

But i don't know where can i get user's certificate file and where can i get the password for the ssl certificate.

svn web clint is simply hanging .it is not creating any log for that if something goes wrong abt the path of the protocol key file or password.

any help will be highly appreciable.

Thanks,
Debasis

Re: problem in deploying the svnwebclient in https protocol

Posted: Mon Dec 07, 2009 9:34 pm
by ChernikovaEkaterina
Hi Debasis,

configure 'ProtocolKeyFile' parameter in web.xml file.
Here's a snippet of protocol section:

<!-- Protocols support -->
<!--
Path to user's certificate file in SSL or user's ssh private key in SSH
Example: D:/client.p12
-->
<context-param>
<param-name>ProtocolKeyFile</param-name>
<param-value>D:/client.p12</param-value>
</context-param>
<!--
The password to the ssh private key or the password to ssl certificate
Example: svn
-->
<context-param>
<param-name>ProtocolPassPhrase</param-name>
<param-value>svn</param-value>
</context-param>
<!--
The number of the port across which an ssh tunnel is established
Values: valid port number
Example: 22
-->
<context-param>
<param-name>ProtocolPortNumber</param-name>
<param-value>22</param-value>
</context-param>

Best Regards,

Ekaterina Chernikova
Polarion Software Support

Re: problem in deploying the svnwebclient in https protocol

Posted: Mon Dec 21, 2009 8:35 pm
by schneigu
Hi Ekaterina,

I have exactly same problem. As soon as I change the URL to https, the tomcat5 process is looping during reading the new configuration. It is using whole CPU and is making thousends of IO operations. On the network, there isn't any traffic. Also not to the svn server.

Without https it reads the configuration correctly, but then it cannot connect to the svn server, of course.

Your post, with the parameter example doesn't help much. This is in the web.xml already in.
I tried to provide a key file and the password of it. It is not helping.

From my point of view svnwebclient is looping. But where and why?

Do you have any hint what we can do? How can we switchon more log info, to see where it is looping?

thanks in advance

Re: problem in deploying the svnwebclient in https protocol

Posted: Mon Dec 21, 2009 8:50 pm
by schneigu
Hi Ekatarina,

this information is already in web.xml.
I tried to supply this. At least the ProtokolKeyFile and the ProtocollPassPhrase. The Port is not clear for me if I use HTTPS. Is it just 433 or what is mean there?

The effect of an HTTPS URL is, the tomcat5 process ist looping during reread of the config.
100% CPU is used, there are thousends of IO's, not traffic to the network. Also not to the SVN server.

Any idea?

Re: problem in deploying the svnwebclient in https protocol

Posted: Mon Dec 21, 2009 9:39 pm
by schneigu
I have investigated a bit more in this issue:

for me it looks like a software error.
If I use filemon from sysinternals, I see the tomcat5 process looping by reading the ssl-keystore. It is opeing the file, reading some bytes and closing the file. All without an error. And then it is doing it again and again and again. It loops there forever.

please help.

Re: problem in deploying the svnwebclient in https protocol

Posted: Wed Jan 06, 2010 6:21 pm
by fletch00
I have the same problem - I specified my private key id_rsa (from ssh-keygen) file path (who knows why it needs this if I am using a login and password?)
If I turn on FINE log level then the errors are revealed (its constantly loading and rejecting the private key)
over and over many times a second:

Jan 6, 2010 10:10:17 AM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger info
FINE: toDerInputStream rejects tag type 45
java.io.IOException: toDerInputStream rejects tag type 45
at sun.security.util.DerValue.toDerInputStream(DerValue.java:796)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1199)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.tmatesoft.svn.core.internal.wc.DefaultSVNSSLManager.loadClientCertificate(DefaultSVNSSLManager.java:298)
at org.tmatesoft.svn.core.internal.wc.DefaultSVNSSLManager.setClientAuthentication(DefaultSVNSSLManager.java:355)
at org.polarion.svncommons.commentscache.authentication.SVNSSLManagerWrapper.setClientAuthentication(SVNSSLManagerWrapper.java:40)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.promptSSLClientCertificate(HTTPConnection.java:543)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:252)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:234)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:222)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.doPropfind(DAVConnection.java:97)
at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getProperties(DAVUtil.java:57)
at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getResourceProperties(DAVUtil.java:62)
at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getStartingProperties(DAVUtil.java:92)
at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.findStartingProperties(DAVUtil.java:113)
at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getBaselineProperties(DAVUtil.java:197)
at org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getBaselineInfo(DAVUtil.java:160)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.fetchRepositoryRoot(DAVConnection.java:77)
at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getRepositoryRoot(DAVRepository.java:115)
at org.polarion.svnwebclient.data.javasvn.DataProvider.getID(DataProvider.java:134)
at org.polarion.svnwebclient.web.InitListener.contextInitialized(InitListener.java:77)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3831)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4323)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at org.apache.catalina.core.StandardService.start(StandardService.java:480)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Jan 6, 2010 10:10:17 AM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger info
FINE: toDerInputStream rejects tag type 45
java.io.IOException: toDerInputStream rejects tag type 45

Re: problem in deploying the svnwebclient in https protocol

Posted: Mon Sep 27, 2010 11:27 pm
by franc
Is there a solution now?
Or is SSL just not working?