[Subclipse-dev] Patch for MSCAPI support, when using SVNKIt

From: Markus Oberlassnig <Markus.Oberlassnig_at_ilogs.com>
Date: Fri, 23 Apr 2010 13:29:46 +0200

Hello,

the attached patch is based on the trunk of org.tigris.subversion.subclipse.ui

The Patch supports using windows keystore (MS crypto API or MSCAPI) for getting the personal client certificate, if requested from the server. Instead of using a ".p12" file.

Description:
Since Revision 6629 of SVNKit branch 1.3.x, MS CAPI is supported for providers SunMSCAPI and keyon CAPI (for older Java Versions).
SVNKit expects either a certificate file (p12) or the String "MSCAPI" (which indicates, that the windows store should be used).
If the user knows that he has more than one matching certificates in the keystore, he can select an alias -> then SVNKit expects following string "MSCAPI;<alias>"

Here are some screenshot, to see how it works with subclipse:

[cid:image001.png_at_01CAE2E6.095F0CA0]

Optional you can also select a specific certificate from your store:
[cid:image002.png_at_01CAE2E6.095F0CA0]

[cid:image003.png_at_01CAE2E6.095F0CA0]

Problem with Java (provider SUNMSCapi)!
There is still one problem with Java. Described in this bug:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6578658
This causes an error on the server side.
If Java is patched with the stuff from http://www.abcpages.com/~mache/sunmscapi-with-NONEwithRSA.zip then it works fine with the Java Version > 1.6.0_15
(I have not tried version 1.6.0_14, but with 1.6.0_13 it does not work)

Without the fix, following error occurs on the server error log:
[Thu Apr 08 12:58:53 2010] [info] [client 192.168.78.178] SSL library error 1 in handshake (server svsol10:444)
[Thu Apr 08 12:58:53 2010] [info] SSL Library Error: 67567722 error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
[Thu Apr 08 12:58:53 2010] [info] SSL Library Error: 67530866 error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
[Thu Apr 08 12:58:53 2010] [info] SSL Library Error: 336101498 error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature
[Thu Apr 08 12:58:53 2010] [info] [client 192.168.78.178] Connection closed to child 0 with abortive shutdown (server svsol10:444)
[Thu Apr 08 12:58:53 2010] [info] [client 192.168.78.178] Connection to child 1 established (server svsol10:444)

With the fix, it works fine.

There is no problem, when using keyon CAPI!

Nice regards,
Markus

DI Markus Oberlassnig
Head of Professional Services
-------------------------------
ilogs information logistics GmbH
Krone Platz 1
9020 Klagenfurt am Wörthersee
Austria
www.ilogs.com<http://www.ilogs.com/>

T: +43 463 504 197 41
F: +43 463 504 197 55
M: +43 676 844 442 350

ilogs, the eProcess company

------------------------------------------------------
http://subclipse.tigris.org/ds/viewMessage.do?dsForumId=1043&dsMessageId=2593418

To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_subclipse.tigris.org].

application/octet-stream attachment: subclipse_ui.patch

Received on 2010-04-23 15:28:37 CEST

This message: [ Message body ]
Next message: elane pereira: "[Subclipse-dev] checkout of subclipse"
Previous message: Mark Phippard: "Re: [Subclipse-dev] Using svnClientAdapter"
Next in thread: Stephen Elsemore: "RE: [Subclipse-dev] Patch for MSCAPI support, when using SVNKIt"
Reply: Stephen Elsemore: "RE: [Subclipse-dev] Patch for MSCAPI support, when using SVNKIt"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]