Posted to users@continuum.apache.org by Ryan Skorstad <ry...@beatport.com> on 2008/11/06 19:16:44 UTC

Problem with Subversion and HTTPS Access to Repository

I have a Continuum 1.2.2 server running and I am trying to check out 
source code from my Subversion repository running on a different host. 
I am trying to add this code to Continuum as an M2 Project.

The only way to access the Subversion repository is via HTTPS, and the 
Continuum server does not like this because it doesn't trust my CA.

There are many posts on the mailing list that talk about how Continuum 
shells out to run a svn checkout, but I do not think this is the case 
with the version of the code I am running.  It appears that Java is 
trying to perform the checkout based on the error I am getting:

2008-11-06 10:26:48,258 [addMavenTwoProjectBackgroundThread] INFO 
continuumProjectBuilder#maven-two-builder  - Error adding project: 
Unknown error downloading from 
https://my.svn.server/svn/main/prototypes/myProject/pom.xml
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Is there a way to get my Continuum to trust my CA?



RE: Build Environments

Posted by Kyle Lebel <kl...@lixar.com>.
Here it is, located under the "Administrator's Guides"
 
http://continuum.apache.org/docs/1.2.2/administrator_guides/profiles.html
 
Kyle

________________________________

From: murali mohan [mailto:muralihere@gmail.com]
Sent: Fri 11/7/2008 9:31 AM
To: users@continuum.apache.org
Subject: Re: Build Environments



ah ok. I am not sure I understood what is the build environment
documentation you are referring to. Pls send a link. Or are you referring to
the build definition templates?

Murali.

On Fri, Nov 7, 2008 at 2:17 PM, Kyle Lebel <kl...@lixar.com> wrote:

> Yes this setup makes sense.  We could do that.
>
> I just read the build environments doc and was wondering if it's something
> we could control at a higher level, instead of having to add build args to
> each build.  Say - every project we would automate should contain a
> "continuum" profile.  On continuum, we'd define this build environment once
> and select it from the drop down in the build definition.  I guess I'm
> trying to understand what those build environments are for...
>
> Kyle
>
> ________________________________
>
> From: murali mohan [mailto:muralihere@gmail.com]
> Sent: Fri 11/7/2008 9:10 AM
> To: users@continuum.apache.org
> Subject: Re: Build Environments
>
>
>
> I have a similar setup in continuum.
>
> The profile definition:
>    <profile>
>        <id>sampleProfile</id>
>
>        <activation>
>        <activeByDefault>false</activeByDefault>
>        <property>
>            <name>live-tests-only</name>
>        </property>
>        </activation>
>
> This profile can be activated either by passing the arguments
> "-PsampleProfile" or "-Dlive-tests-only". You can pass these arguments to the
> continuum builds by adding these in the arguments section when you define a
> build.
>
> Murali.
>
> On Fri, Nov 7, 2008 at 1:58 PM, Kyle Lebel <kl...@lixar.com> wrote:
>
> > Hi,
> >
> > I have a question regarding the Build Environments.  What I am trying to do
> > is activate a profile when building from continuum.  I would like to do this
> > using an environment variable somehow.  But reading the Build Environments
> > documentation, it seems to indicate I could create this environment variable
> > through here - and have my builds using that build environment.  Is this
> > correct, or have I misunderstood something?
> >
> > Kyle
> >
>
>
>



Re: Build Environments

Posted by murali mohan <mu...@gmail.com>.
ah ok. I am not sure I understood what is the build environment
documentation you are referring to. Pls send a link. Or are you referring to
the build definition templates?

Murali.

On Fri, Nov 7, 2008 at 2:17 PM, Kyle Lebel <kl...@lixar.com> wrote:

> Yes this setup makes sense.  We could do that.
>
> I just read the build environments doc and was wondering if it's something
> we could control at a higher level, instead of having to add build args to
> each build.  Say - every project we would automate should contain a
> "continuum" profile.  On continuum, we'd define this build environment once
> and select it from the drop down in the build definition.  I guess I'm
> trying to understand what those build environments are for...
>
> Kyle
>
> ________________________________
>
> From: murali mohan [mailto:muralihere@gmail.com]
> Sent: Fri 11/7/2008 9:10 AM
> To: users@continuum.apache.org
> Subject: Re: Build Environments
>
>
>
> I have a similar setup in continuum.
>
> The profile definition:
>    <profile>
>        <id>sampleProfile</id>
>
>        <activation>
>        <activeByDefault>false</activeByDefault>
>        <property>
>            <name>live-tests-only</name>
>        </property>
>        </activation>
>
> This profile can be activated either by passing the arguments
> "-PsampleProfile" or "-Dlive-tests-only". You can pass these arguments to the
> continuum builds by adding these in the arguments section when you define a
> build.
>
> Murali.
>
> On Fri, Nov 7, 2008 at 1:58 PM, Kyle Lebel <kl...@lixar.com> wrote:
>
> > Hi,
> >
> > I have a question regarding the Build Environments.  What I am trying to do
> > is activate a profile when building from continuum.  I would like to do this
> > using an environment variable somehow.  But reading the Build Environments
> > documentation, it seems to indicate I could create this environment variable
> > through here - and have my builds using that build environment.  Is this
> > correct, or have I misunderstood something?
> >
> > Kyle
> >
>
>
>

RE: Build Environments

Posted by Kyle Lebel <kl...@lixar.com>.
Yes this setup makes sense.  We could do that.  
 
I just read the build environments doc and was wondering if it's something we could control at a higher level, instead of having to add build args to each build.  Say - every project we would automate should contain a "continuum" profile.  On continuum, we'd define this build environment once and select it from the drop down in the build definition.  I guess I'm trying to understand what those build environments are for...
 
Kyle

________________________________

From: murali mohan [mailto:muralihere@gmail.com]
Sent: Fri 11/7/2008 9:10 AM
To: users@continuum.apache.org
Subject: Re: Build Environments



I have a similar setup in continuum.

The profile definition:
    <profile>
        <id>sampleProfile</id>

        <activation>
        <activeByDefault>false</activeByDefault>
        <property>
            <name>live-tests-only</name>
        </property>
        </activation>

This profile can be activated either by passing the arguments
"-PsampleProfile" or "-Dlive-tests-only". You can pass these arguments to the
continuum builds by adding these in the arguments section when you define a
build.

Murali.

On Fri, Nov 7, 2008 at 1:58 PM, Kyle Lebel <kl...@lixar.com> wrote:

> Hi,
>
> I have a question regarding the Build Environments.  What I am trying to do
> is activate a profile when building from continuum.  I would like to do this
> using an environment variable somehow.  But reading the Build Environments
> documentation, it seems to indicate I could create this environment variable
> through here - and have my builds using that build environment.  Is this
> correct, or have I misunderstood something?
>
> Kyle
>



Re: Build Environments

Posted by murali mohan <mu...@gmail.com>.
I have a similar setup in continuum.

The profile definition:
    <profile>
        <id>sampleProfile</id>

        <activation>
            <activeByDefault>false</activeByDefault>
            <property>
                <name>live-tests-only</name>
            </property>
        </activation>

This profile can be activated either by passing the arguments
"-PsampleProfile" or "-Dlive-tests-only". You can pass these arguments to the
continuum builds by adding these in the arguments section when you define a
build.

Murali.

On Fri, Nov 7, 2008 at 1:58 PM, Kyle Lebel <kl...@lixar.com> wrote:

> Hi,
>
> I have a question regarding the Build Environments.  What I am trying to do
> is activate a profile when building from continuum.  I would like to do this
> using an environment variable somehow.  But reading the Build Environments
> documentation, it seems to indicate I could create this environment variable
> through here - and have my builds using that build environment.  Is this
> correct, or have I misunderstood something?
>
> Kyle
>

Build Environments

Posted by Kyle Lebel <kl...@lixar.com>.
Hi, 
 
I have a question regarding the Build Environments.  What I am trying to do is activate a profile when building from continuum.  I would like to do this using an environment variable somehow.  But reading the Build Environments documentation, it seems to indicate I could create this environment variable through here - and have my builds using that build environment.  Is this correct, or have I misunderstood something?
 
Kyle

Re: Problem with Subversion and HTTPS Access to Repository

Posted by Emmanuel Venisse <em...@gmail.com>.
Look at [1] for the InstallCert java class. I use it sometimes to install
certificates.

[1] http://blogs.sun.com/andreas/entry/no_more_unable_to_find

Emmanuel

On Fri, Nov 7, 2008 at 5:46 PM, Ryan Skorstad <ry...@beatport.com> wrote:

> I have added my CA to the JVM's keystore using keytool:
>
> keytool -import -keystore cacerts -file my.ca
>
> and also:
>
> keytool -import -keystore cacerts -file my.ca -trustcacerts
>
> The cafile is located in /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/ which
> should be the correct location for the JVM that Continuum is using.
>
> I have verified that the CA is correct by using OpenSSL to connect to my
> svn repository:
>
> openssl s_client -CAfile my.ca -connect svn.mydomain.com:443
>
> It still throws the 'javax.net.ssl.SSLPeerUnverifiedException: peer not
> authenticated' exception.  Am I using the wrong keystore?  This is the only
> one on the machine.
>
> -Ryan
>
>
>
> Thijs Schnitger wrote:
>
>> Ryan Skorstad wrote:
>>
>>> Is there a way to get my Continuum to trust my CA?
>>>
>>
>> Add the certificate of your CA to the cacerts file of your JRE, using
>> keytool.
>>
>
>

Re: Problem with Subversion and HTTPS Access to Repository

Posted by Thijs Schnitger <t....@func.nl>.
I appear to have sent you in the wrong direction.
You should indeed let svn know of the CA certificate. This can be done 
in various ways. In my case I added my CAcert to the system defaults in 
/etc/ssl/certs. The svn docs say you need to edit the runtime servers 
file, which can be found in the homedir of the user who runs continuum, 
in ~/.subversion/servers. Edit a parameter called ssl-authority-files.
You may need to restart Continuum.

Hope this helps,

Thijs


Ryan Skorstad wrote:
> I have added my CA to the JVM's keystore using keytool:
> 
> keytool -import -keystore cacerts -file my.ca
> 
> and also:
> 
> keytool -import -keystore cacerts -file my.ca -trustcacerts
> 
> The cafile is located in /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/ which 
> should be the correct location for the JVM that Continuum is using.
> 
> I have verified that the CA is correct by using OpenSSL to connect to my 
> svn repository:
> 
> openssl s_client -CAfile my.ca -connect svn.mydomain.com:443
> 
> It still throws the 'javax.net.ssl.SSLPeerUnverifiedException: peer not 
> authenticated' exception.  Am I using the wrong keystore?  This is the 
> only one on the machine.
> 
> -Ryan
> 
> 
> Thijs Schnitger wrote:
>> Ryan Skorstad wrote:
>>
>>> Is there a way to get my Continuum to trust my CA?
>>>
>>
>> Add the certificate of your CA to the cacerts file of your JRE, using 
>> keytool.
>>
> 
> 
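
One way to check the setting described above, as an added example that is not part of the original thread: it reads a Subversion `servers` file, takes `ssl-authority-files` (a semicolon-delimited list of CA certificate paths) from the `[global]` section, and reports whether each listed file is readable. The function name and the restriction to `[global]` are choices made for this example.

```shell
#!/bin/sh
# Added example: verify that ssl-authority-files in a Subversion "servers"
# file points at CA certificates the build user can actually read.

# check_svn_ca SERVERS_FILE
# Prints "OK <path>" or "MISSING <path>" for each listed CA file.
# Returns 0 if at least one CA is listed and all are readable,
#         1 if the option is unset or a listed file is unreadable,
#         2 if the servers file itself does not exist.
check_svn_ca() {
    servers=$1
    [ -f "$servers" ] || { echo "no servers file: $servers"; return 2; }

    # Take the first uncommented ssl-authority-files line inside [global].
    value=$(awk '
        /^[ \t]*\[/ { in_global = ($0 ~ /^[ \t]*\[global\][ \t]*$/); next }
        /^[ \t]*#/  { next }
        in_global && /^[ \t]*ssl-authority-files[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$servers")

    [ -n "$value" ] || { echo "ssl-authority-files not set in [global]"; return 1; }

    status=0
    old_ifs=$IFS
    IFS=';'                      # the option is a semicolon-delimited list
    for ca in $value; do
        if [ -r "$ca" ]; then
            echo "OK $ca"
        else
            echo "MISSING $ca"
            status=1
        fi
    done
    IFS=$old_ifs
    return $status
}

# Usage: sh check_svn_ca.sh ~/.subversion/servers
# Run it as the user that runs Continuum, since that user's file is the one read.
if [ "$#" -ge 1 ]; then
    check_svn_ca "$1"
fi
```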




Re: Problem with Subversion and HTTPS Access to Repository

Posted by Ryan Skorstad <ry...@beatport.com>.
I have added my CA to the JVM's keystore using keytool:

keytool -import -keystore cacerts -file my.ca

and also:

keytool -import -keystore cacerts -file my.ca -trustcacerts

The cafile is located in /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/ which 
should be the correct location for the JVM that Continuum is using.

I have verified that the CA is correct by using OpenSSL to connect to my 
svn repository:

openssl s_client -CAfile my.ca -connect svn.mydomain.com:443

It still throws the 'javax.net.ssl.SSLPeerUnverifiedException: peer not 
authenticated' exception.  Am I using the wrong keystore?  This is the 
only one on the machine.

-Ryan


Thijs Schnitger wrote:
> Ryan Skorstad wrote:
> 
>> Is there a way to get my Continuum to trust my CA?
>>
> 
> Add the certificate of your CA to the cacerts file of your JRE, using 
> keytool.
> 
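
The keytool commands above pass `-keystore cacerts` as a relative path, so the file they modify depends on the directory they are run from. As an added example (not part of the original thread), these shell functions report which trust store file a JVM's default trust manager reads for a given `java.home`, and list keystore files in its root that are not read; the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: which trust store file does a JVM's default JSSE trust
# manager read? Lookup order:
#   1. the path given by -Djavax.net.ssl.trustStore, if set
#   2. <java.home>/lib/security/jssecacerts, if it exists
#   3. <java.home>/lib/security/cacerts
# A keystore file elsewhere (for example <java.home>/cacerts) is not consulted.
# <java.home> is the java.home system property: the JRE directory on
# Java 8 and earlier.

# resolve_truststore JAVA_HOME [OVERRIDE]
# Prints the trust store path in effect; returns 1 if none exists.
resolve_truststore() {
    java_home=$1
    override=${2:-}
    if [ -n "$override" ]; then
        printf '%s\n' "$override"
        return 0
    fi
    for candidate in \
        "$java_home/lib/security/jssecacerts" \
        "$java_home/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# stray_keystores JAVA_HOME
# Lists keystore-named files in the JAVA_HOME root, which the JVM ignores.
stray_keystores() {
    for name in cacerts jssecacerts; do
        if [ -f "$1/$name" ]; then
            printf '%s\n' "$1/$name"
        fi
    done
    return 0
}

# Usage: sh truststore.sh /usr/lib/jvm/jre-1.6.0-openjdk.x86_64
if [ "$#" -ge 1 ]; then
    echo "trust store in use: $(resolve_truststore "$1" "${2:-}" || echo none)"
    stray_keystores "$1" | sed 's/^/not read by the JVM: /'
fi
```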



Re: Problem with Subversion and HTTPS Access to Repository

Posted by Thijs Schnitger <t....@func.nl>.
Ryan Skorstad wrote:

> Is there a way to get my Continuum to trust my CA?
> 

Add the certificate of your CA to the cacerts file of your JRE, using 
keytool.

-- 
Thijs Schnitger
Func. Internet Integration
W http://www.func.nl
T +31 20 4230000
F +31 20 4223500