Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13763

subversion https-client authentication doesn't work with correct parameters

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Major Major
    • subversion-plugin
    • None
    • Windows Server 2003, Java 1.6.0.31, Jenkins 1.463, Subversion Plugin 1.39

      The subversion authentication module currently doesn't work, even with correct parameters. The behavior is identical to the already created bug due the not validating input parameters. The exception gives no hint what the problem / reason is.

      The authentication works perfectly if the same certificate (p12) file and the same password is configured manually within the subversion "Application Data\Subversion\servers" file.

          [JENKINS-13763] subversion https-client authentication doesn't work with correct parameters

          Marco Borm created issue -
          Marco Borm made changes -
          Attachment New: emptycertificate.png [ 21821 ]
          Attachment New: subversionException.txt [ 21822 ]
          Description Original: The subversion authentication module accepts any file as certificate and anything as password. A failure always results in the same not helpful exception "SSL handshake failed: 'Received fatal alert: handshake_failure'" after the subversion client send a empty client certificate send to the server on the TLS connection. I am not sure if is allowed to send a empty client certificate message to the server.

          Due the complexity of the software chain and configuration parameters used for HTTPS authentication, it is very annoying to find the real problem if no component returns a usable error message.

          The expected behavior is to validate the input parameters and do not try to establish a connection with obvious invalid parameters.
          New: The subversion authentication module currently doesn't work, even with correct parameters. The behavior is identical to the already created bug due the not validating input parameters. The exception gives no hint what the problem / reason is.

          The authentication works perfectly if the same certificate (p12) file and the same password is configured manually within the subversion "Application Data\Subversion\servers" file.
          Summary Original: subversion authentication doesn't work on correct certificate parameters New: subversion https-client authentication doesn't work with correct parameters

          Marco Borm added a comment -

          Maybe the bugs are related.

          Marco Borm added a comment - Maybe the bugs are related.
          Marco Borm made changes -
          Link New: This issue is related to JENKINS-13762 [ JENKINS-13762 ]

          Marco Borm added a comment - - edited

          Unfortunately the workaround with the "servers"-file doesn't work under linux. I can checkout successfully using the plain svn tools using the same user as jenkins, but jenkins itself fails with an exception. Due the problem that I can't store the authentication data within jenkins, we can't checkout using jenkins under linux now.

          Exception:
          "Caused by: org.tmatesoft.svn.core.SVNCancelException: svn: E200015: No credential to try. Authentication failed
          at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.cancel(SVNErrorManager.java:37)
          at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.cancel(SVNErrorManager.java:32)
          at org.tmatesoft.svn.core.internal.wc.DefaultSVNAuthenticationManager.getNextAuthentication(DefaultSVNAuthenticationManager.java:223)
          at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initialize(HTTPSSLKeyManager.java:426)
          at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initializeNoException(HTTPSSLKeyManager.java:406)
          at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.chooseClientAlias(HTTPSSLKeyManager.java:302)
          at sun.security.ssl.AbstractWrapper.chooseClientAlias(SSLContextImpl.java:282)
          at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:629)
          at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
          at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
          at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
          at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945)
          at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
          at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:657)
          at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:108)
          at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
          at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
          at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:238)
          at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:168)
          at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:385)
          at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:298)
          ... 35 more
          Caused by: svn: E200015: No credential to try. Authentication failed
          at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:208)
          at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:154)
          at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:97)
          ... 56 more"

          Marco Borm added a comment - - edited Unfortunately the workaround with the "servers"-file doesn't work under linux. I can checkout successfully using the plain svn tools using the same user as jenkins, but jenkins itself fails with an exception. Due the problem that I can't store the authentication data within jenkins, we can't checkout using jenkins under linux now. Exception: "Caused by: org.tmatesoft.svn.core.SVNCancelException: svn: E200015: No credential to try. Authentication failed at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.cancel(SVNErrorManager.java:37) at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.cancel(SVNErrorManager.java:32) at org.tmatesoft.svn.core.internal.wc.DefaultSVNAuthenticationManager.getNextAuthentication(DefaultSVNAuthenticationManager.java:223) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initialize(HTTPSSLKeyManager.java:426) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initializeNoException(HTTPSSLKeyManager.java:406) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.chooseClientAlias(HTTPSSLKeyManager.java:302) at sun.security.ssl.AbstractWrapper.chooseClientAlias(SSLContextImpl.java:282) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:629) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610) at sun.security.ssl.Handshaker.process_record(Handshaker.java:546) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:657) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:108) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:238) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:168) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:385) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:298) ... 35 more Caused by: svn: E200015: No credential to try. Authentication failed at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:208) at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:154) at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:97) ... 56 more"

          Marco Borm added a comment -

          Ok, the mistake was a missing password character. So the workaround works also under linux, but: The error message was wrong again. "No credential to try" -> "found credentials wrong"

          Marco Borm added a comment - Ok, the mistake was a missing password character. So the workaround works also under linux, but: The error message was wrong again. "No credential to try" -> "found credentials wrong"
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 144230 ] New: JNJira + In-Review [ 176106 ]

          James Dumay added a comment -

          There have been numerous fixes and upgrades to the Subversion plugin in the intervening years between this ticket being filed and today. If this is still a problem with the latest version of Jenkins and the subversion plugin, please open a new ticket with detailed reproduction instructions and we can take a look.

          James Dumay added a comment - There have been numerous fixes and upgrades to the Subversion plugin in the intervening years between this ticket being filed and today. If this is still a problem with the latest version of Jenkins and the subversion plugin, please open a new ticket with detailed reproduction instructions and we can take a look.
          James Dumay made changes -
          Resolution New: Cannot Reproduce [ 5 ]
          Status Original: Open [ 1 ] New: Closed [ 6 ]

            Unassigned Unassigned
            mborm Marco Borm
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: