1. ホーム
  2. 質問と答え
  3. Jenkins CI - SSL handshake_failure

Jenkins CI - SSL handshake_failure

2012-03-01 26 views
2

Jenkins CIをプロジェクト用に継続的に統合するように設定しようとしており、httpsでSVNリポジトリに接続できません。私は(-Djavax.net.debug=ssl:handshakeを使用して)私のTomcatインスタンス上でSSLデバッグを有効にして、次のように得たJenkins CI - SSL handshake_failure

org.tmatesoft.svn.core.SVNException: svn: OPTIONS /svn/repo/path failed 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:291) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:276) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:264) 
     at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:516) 
     at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:98) 
     at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1001) 
     at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:97) 
     at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:1966) 
     at hudson.scm.SubversionSCM$DescriptorImpl.doCheckRemote(SubversionSCM.java:1900) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282) 
     at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149) 
     at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88) 
     at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111) 
     at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) 
     at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) 
     at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) 
     at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241) 
     at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) 
     at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) 
     at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) 
     at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241) 
     at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) 
     at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) 
     at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) 
     at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477) 
     at org.kohsuke.stapler.Stapler.service(Stapler.java:159) 
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95) 
     at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) 
     at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) 
     at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) 
     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
     at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) 
     at hudson.plugins.pwauth.PWauthFilter.doFilter(PWauthFilter.java:50) 
     at hudson.plugins.pwauth.PWauthFilter.doFilter(PWauthFilter.java:37) 
     at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470) 
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) 
     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) 
     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) 
     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776) 
     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705) 
     at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898) 
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) 
     at java.lang.Thread.run(Unknown Source) 
Caused by: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS /svn/repo/path failed 
     at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:200) 
     at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:146) 
     at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:89) 
     ... 81 more 
Caused by: org.tmatesoft.svn.core.SVNException: svn: OPTIONS request failed on '/svn/repo/path' 
svn: Received fatal alert: handshake_failure 
     at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:64) 
     at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:644) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:285) 
     ... 80 more 
Caused by: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS request failed on '/svn/repo/path' 
     at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:200) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:642) 
     ... 81 more 
Caused by: org.tmatesoft.svn.core.SVNErrorMessage: svn: Received fatal alert: handshake_failure 
     at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:101) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:389) 
     ... 81 more 
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) 
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) 
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source) 
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) 
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source) 
     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source) 
     at java.io.BufferedOutputStream.flushBuffer(Unknown Source) 
     at java.io.BufferedOutputStream.flush(Unknown Source) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:229) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:166) 
     at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:364) 
    ... 81 more 


X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use 
trigger seeding of SecureRandom 
done seeding SecureRandom 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, setSoTimeout(3600000) called 
%% No cached client session 
*** ClientHello, SSLv3 
RandomCookie: GMT: 1330544609 bytes = { 141, 119, 147, 122, 40, 183, 52, 147, 58, 49, 199, 147, 190, 160, 8, 252, 253, 194, 196, 96, 220, 88, 240, 200, 69, 210, 123, 127 } 
Session ID: {} 
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
*** 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, WRITE: SSLv3 Handshake, length = 163 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, READ: SSLv3 Alert, length = 2 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, RECV TLSv1 ALERT: fatal, handshake_failure 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called closeSocket() 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called close() 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called closeInternal(true) 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called close() 
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called closeInternal(true)
私はリポジトリのURLを設定しようと、それは私が次の例外を取得する接続しようとするときはいつでも

this投稿に記載されているように、私は風袋に-Dhttps.protocols=SSLv3プロパティを追加しようとしましたが、それでも同じエラーがありました。

この時点で私は何が起こっているのか完全に困惑しています...残念ながら、私はSSLデバッグ情報を完全に理解するSSL専門家はいません。誰でもこのエラーを修正する方法について考えている?

出典

2012-03-01 Michael

答えて

3

したがって、サーバー上のSSL構成を扱う際に問題があるようです。明らかに何らかの理由でSVNKitはTLSv1で動作しません。

私たちの初期設定は、TLSv1だけを許可するようにした:これは 'クライアント' 側からである

SSLProtocol -all +SSLv3 +TLSv1

出典

2012-03-05 13:48:18 Michael

+1

どのようにsvnkitを設定しますか? – teknopaul

0

サーバーがクライアントに応答しているように見えますが、クライアントは応答が気に入らないようです。クライアントサイドのログを見て、問題の原因を示唆するものがあるかどうかを確認してください。

出典

2012-03-01 16:14:02 Nasko

+0

SSLProtocol -all +TLSv1

だから、修正がTLSv1のとのSSLv3を有効にすることでした。 SSLクライアントは、SVN(httpd)サーバーを呼び出すTomcatアプリケーション(Jenkins)です。 – Michael

+1

そして、SVNのhttpdログには失敗のデータはありませんか?奇妙なのは、TomcatがSSLv3で拡張機能を送信しているということです。サーバが誤動作している可能性があるため、拡張機能の必要性を排除するECC暗号スイートを無効にしてみてください。または、TLS 1.0を有効にしてみます。 – Nasko

関連する問題

 関連する問題