Why am I getting handshake_failure with Java SSL cert?

StackOverflow https://stackoverflow.com/questions/1687939

Question

I'm trying to use Hudson (which uses SVNKit) to access a Subversion repository that requires a client certificate to access it. I can access the same repository using the same client certificate via Eclipse (also using SVNKit).

When Hudson tries to check out the repository, it fails with:

org.tmatesoft.svn.core.SVNException: svn: Received fatal alert: handshake_failure

Hudson is running under Tomcat, so I turned on ssl debugging in the Tomcat log (-Djavax.net.debug=ssl).

At the end of the handshake I see:

*** ServerHelloDone
Executor #0 for master : executing eMASS integration #3, SEND SSLv3 ALERT:  warning, description = no_certificate

I'm not sure if that is the crux of the problem or not.

That follows a list of Cert Authorities. I made sure the server's cert root issuer is imported in my cacerts, as well as the intermediate issuer. I still get the same problem.

Any ideas for what to look at?

The log is on pastebin.

Was it helpful?

Solution

There were several bugs in Hudson's subversion plugin involving dealing with SSL certs and their passwords. Here's the one I reported, which they have fixed: http://issues.hudson-ci.org/browse/HUDSON-5230. So now, it should properly save the cert you upload.

Upgrade to the latest version of Hudson (Hudson ver. 1.342 or later) and also the latest version of the subversion plugin (1.10, available at https://hudson.dev.java.net/servlets/ProjectDocumentView?documentID=147307&showInfo=true). To install this plugin, download the subversion.hpi file, then in Hudson go to Manage Hudson -> Manage Plugins -> Advanced, and upload it. Then you need to restart Hudson.

OTHER TIPS

Alexey had the right idea.

Log:

SEND SSLv3 ALERT:  warning, description = no_certificate

This was discussed in the Java Programming forum.

Maybe your eclipse and Hudson start with different JREs (client JRE vs. JDK JRE?). Every JRE has its own keystore. This can get quit confusing to configure.

I had the same problem on my Ubuntu server. Installation of certificates did not help. The solution was to chage the default Java (java-6-openjdk) to Sun Java (java-6-sun).

I don`t know exactly, but may be it helps. May be you need to add cerificate to jvm using keystore

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top