小编典典

Jenkins CI-SSL握手_失败

jenkins

我正在尝试将Jenkins
CI配置为对我们的项目执行持续集成,并且无法使其通过https连接到我们的SVN存储库。每当我尝试配置存储库URL并尝试连接时,都会遇到以下异常:

org.tmatesoft.svn.core.SVNException: svn: OPTIONS /svn/repo/path failed
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:291)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:276)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:264)
        at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:516)
        at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:98)
        at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1001)
        at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:97)
        at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:1966)
        at hudson.scm.SubversionSCM$DescriptorImpl.doCheckRemote(SubversionSCM.java:1900)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
        at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
        at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
        at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
        at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
        at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
        at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
        at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
        at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
        at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
        at hudson.plugins.pwauth.PWauthFilter.doFilter(PWauthFilter.java:50)
        at hudson.plugins.pwauth.PWauthFilter.doFilter(PWauthFilter.java:37)
        at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS /svn/repo/path failed
        at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:200)
        at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:146)
        at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:89)
        ... 81 more
Caused by: org.tmatesoft.svn.core.SVNException: svn: OPTIONS request failed on '/svn/repo/path'
svn: Received fatal alert: handshake_failure
        at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:64)
        at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:644)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:285)
        ... 80 more
Caused by: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS request failed on '/svn/repo/path'
        at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:200)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:642)
        ... 81 more
Caused by: org.tmatesoft.svn.core.SVNErrorMessage: svn: Received fatal alert: handshake_failure
        at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:101)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:389)
        ... 81 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.io.BufferedOutputStream.flush(Unknown Source)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:229)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:166)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:364)
    ... 81 more

我在tomcat实例上启用了SSL调试(使用-Djavax.net.debug=ssl:handshake),并得到了以下信息:

X509KeyManager passed to SSLContext.init():  need an X509ExtendedKeyManager for SSLEngine use
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, setSoTimeout(3600000) called
%% No cached client session
*** ClientHello, SSLv3
RandomCookie:  GMT: 1330544609 bytes = { 141, 119, 147, 122, 40, 183, 52, 147, 58, 49, 199, 147, 190, 160, 8, 252, 253, 194, 196, 96, 220, 88, 240, 200, 69, 210, 123, 127 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, WRITE: SSLv3 Handshake, length = 163
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, READ: SSLv3 Alert, length = 2
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, RECV TLSv1 ALERT:  fatal, handshake_failure
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called closeSocket()
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called close()
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called closeInternal(true)
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called close()
Handling GET /jenkins/job/projectName/descriptorByName/hudson.scm.SubversionSCM/checkRemote : TP-Processor3, called closeInternal(true)

我尝试-Dhttps.protocols=SSLv3按照这篇文章中的说明在tomcat中添加属性,但仍然出现相同的错误。

在这一点上,我对发生的事情完全感到困惑。不幸的是,我不是完全了解SSL调试信息的SSL专家。有人对如何纠正此错误有任何想法吗?


阅读 403

收藏
2020-07-25

共1个答案

小编典典

因此,处理服务器上的SSL配置似乎是一个问题。显然,由于某些原因,SVNKit无法与TLSv1一起使用。

我们的初始配置是仅允许TLSv1:

SSLProtocol -all +TLSv1

因此,解决方法是启用TLSv1和SSLv3:

SSLProtocol -all +SSLv3 +TLSv1
2020-07-25