Issue #84 resolved

Mercurial + https problem [SCM-Manager 1.10]

legotron
created an issue

Hi everyone,

I wanted to configure SCM-Manager for Mercurial access via HTTPS. Almost everything was good, but suddenly I got this error:

{{{
$ hg clone --debug https://oleg@localhost:8181/scm/hg/plaz_test
using https://localhost:8181/scm/hg/plaz_test
http auth: user oleg, password not set
sending capabilities command
abort: error: _ssl.c:503: EOF occurred in violation of protocol
}}}

Or if I set the password explicitly, too:

{{{
$ hg clone --debug https://oleg:*localhost:8181/scm/hg/plaz_test
using https://localhost:8181/scm/hg/plaz_test
http auth: user oleg, password *
sending capabilities command
abort: error: _ssl.c:503: EOF occurred in violation of protocol
}}}

My system: Ubuntu 11.10

{{{
$ uname -a
Linux oleg-work 3.0.0-14-generic #23-Ubuntu SMP Mon Nov 21 20:34:47 UTC 2011 i686 i686 i386 GNU/Linux

$ java -version
java version "1.6.0_23"
OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10)
OpenJDK Server VM (build 20.0-b11, mixed mode)

$ python --version
Python 2.7.2+
}}}

What I did:

I downloaded scm-server-1.10-app.tar.gz and extracted it

did as described in https://bitbucket.org/sdorra/scm-manager/wiki/scm-server-ssl

my scm-server/conf/server-config.xml:

{{{
$ cat server-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--

Copyright (c) 2010, Sebastian Sdorra
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.
3. Neither the name of SCM-Manager; nor the names of its
   contributors may be used to endorse or promote products derived from this
   software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

http://bitbucket.org/sdorra/scm-manager

-->

<!--
    Document   : server-config.xml
    Created on : January 20, 2011, 6:05 PM
    Author     : sdorra
    Description:
        Purpose of the document follows.
-->

<Configure class="org.eclipse.jetty.server.Server">

  <!--
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
        <Set name="host">
          <SystemProperty name="jetty.host" />
        </Set>
        <Set name="port">
          <SystemProperty name="jetty.port" default="8080" />
        </Set>
        <Set name="requestHeaderSize">16384</Set>
  -->
        <!-- for mod_proxy -->
        <!-- <Set name="forwarded">true</Set> -->
  <!--
      </New>
    </Arg>
  </Call>
  -->

  <New id="scm-webapp" class="org.eclipse.jetty.webapp.WebAppContext">
    <Set name="contextPath">/scm</Set>
    <Set name="war"><SystemProperty name="basedir" default="."/>/var/webapp/scm-webapp.war</Set>
  </New>

  <New id="docroot" class="org.eclipse.jetty.webapp.WebAppContext">
    <Set name="contextPath">/</Set>
    <Set name="baseResource">
      <New class="org.eclipse.jetty.util.resource.ResourceCollection">
        <Arg>
          <Array type="java.lang.String">
            <Item><SystemProperty name="basedir" default="."/>/var/webapp/docroot</Item>
          </Array>
        </Arg>
      </New>
    </Set>
  </New>

  <Set name="handler">
    <New class="org.eclipse.jetty.server.handler.HandlerCollection">
      <Set name="handlers">
        <Array type="org.eclipse.jetty.server.Handler">
          <Item>
            <Ref id="scm-webapp" />
          </Item>
          <Item>
            <Ref id="docroot" />
          </Item>
        </Array>
      </Set>
    </New>
  </Set>

  <!-- mod_proxy_ajp or mod_jk -->
  <!--
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.ajp.Ajp13SocketConnector">
        <Set name="port">8009</Set>
      </New>
    </Arg>
  </Call>
  -->

  <!-- SSL-Connector -->
  <!--
    Documentation for the SSL-Connector:
    http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
  -->

  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Set name="Port">8181</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="requestHeaderSize">16384</Set>
        <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
        <Set name="password">onlis2006</Set>
        <Set name="keyPassword">onlis2006</Set>
        <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
        <Set name="trustPassword">onlis2006</Set>
      </New>
    </Arg>
  </Call>

  <!-- JMX support -->
  <!--
  <Call id="MBeanServer" class="java.lang.management.ManagementFactory" name="getPlatformMBeanServer" />

  <New id="MBeanContainer" class="org.eclipse.jetty.jmx.MBeanContainer">
    <Arg>
      <Ref id="MBeanServer" />
    </Arg>
  </New>

  <Get id="Container" name="container">
    <Call name="addEventListener">
      <Arg>
        <Ref id="MBeanContainer" />
      </Arg>
    </Call>
  </Get>
  -->

</Configure>
}}}

  • successfully created a repository in the web GUI
  • successfully viewed the hg repo in the browser
  • when I try to clone the repository via HTTPS I get the messages above; output with traceback:

{{{
$ hg clone --debug --traceback https://oleg:*localhost:8181/scm/hg/plaz_test
using https://localhost:8181/scm/hg/plaz_test
http auth: user oleg, password *
sending capabilities command
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 87, in _runcatch
    return _dispatch(req)
  File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 684, in _dispatch
    cmdpats, cmdoptions)
  File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 466, in runcommand
    ret = _runcommand(ui, options, cmd, d)
  File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 738, in _runcommand
    return checkargs()
  File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 692, in checkargs
    return cmdfunc()
  File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 681, in <lambda>
    d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
  File "/usr/lib/pymodules/python2.7/mercurial/util.py", line 454, in check
    return func(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/mercurial/commands.py", line 1137, in clone
    branch=opts.get('branch'))
  File "/usr/lib/pymodules/python2.7/mercurial/hg.py", line 247, in clone
    srcrepo = repository(remoteui(ui, peeropts), source)
  File "/usr/lib/pymodules/python2.7/mercurial/hg.py", line 93, in repository
    repo = _peerlookup(path).instance(ui, path, create)
  File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 236, in instance
    inst._fetchcaps()
  File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 57, in _fetchcaps
    self.caps = set(self._call('capabilities').split())
  File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 169, in _call
    fp = self._callstream(cmd, **args)
  File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 117, in _callstream
    resp = self.urlopener.open(req)
  File "/usr/lib/python2.7/urllib2.py", line 394, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 412, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 372, in _call_chain
    result = func(*args)
  File "/usr/lib/pymodules/python2.7/mercurial/url.py", line 362, in https_open
    return self.do_open(self._makeconnection, req)
  File "/usr/lib/pymodules/python2.7/mercurial/keepalive.py", line 259, in do_open
    raise urllib2.URLError(err)
URLError: <urlopen error [Errno 8] _ssl.c:503: EOF occurred in violation of protocol>
abort: error: _ssl.c:503: EOF occurred in violation of protocol
}}}

scm-server log:

{{{
$ ./scm-server
2011-12-29 14:37:36.569:INFO:oejs.Server:jetty-7.5.4.v20111024
2011-12-29 14:37:36.848:INFO:oejw.WebInfConfiguration:Extract jar:file:/home/oleg/install/linux/scm-server/var/webapp/scm-webapp.war!/ to /tmp/jetty-0.0.0.0-8181-scm-webapp.war-_scm-any-/webapp
2011-12-29 14:37:38.556:INFO:oejw.StandardDescriptorProcessor:NO JSP Support for /scm, did not find org.apache.jasper.servlet.JspServlet
14:37:38.859 [main] WARN sonia.scm.boot.BootstrapListener - fallback to default classloader
14:37:38.871 [main] INFO sonia.scm.plugin.DefaultPluginLoader - load core plugin /tmp/jetty-0.0.0.0-8181-scm-webapp.war-_scm-any-/webapp/WEB-INF/lib/scm-git-plugin-1.10.jar
14:37:39.178 [main] INFO sonia.scm.plugin.DefaultPluginLoader - load core plugin /tmp/jetty-0.0.0.0-8181-scm-webapp.war-_scm-any-/webapp/WEB-INF/lib/scm-svn-plugin-1.10.jar
14:37:39.180 [main] INFO sonia.scm.plugin.DefaultPluginLoader - load core plugin /tmp/jetty-0.0.0.0-8181-scm-webapp.war-_scm-any-/webapp/WEB-INF/lib/scm-hg-plugin-1.10.jar
14:37:39.258 [main] INFO sonia.scm.BindingExtensionProcessor - add GuiceModule sonia.scm.web.HgServletModule
14:37:39.258 [main] INFO sonia.scm.BindingExtensionProcessor - add GuiceModule sonia.scm.web.GitServletModule
14:37:39.258 [main] INFO sonia.scm.BindingExtensionProcessor - add GuiceModule sonia.scm.web.SvnServletModule
14:37:39.399 [main] INFO sonia.scm.util.ScmConfigurationUtil - load ScmConfiguration from file /home/oleg/.scm/config/config.xml
14:37:39.529 [main] INFO sonia.scm.BindingExtensionProcessor - bind RepositoryHandler sonia.scm.repository.HgRepositoryHandler
14:37:39.529 [main] INFO sonia.scm.BindingExtensionProcessor - bind RepositoryHandler sonia.scm.repository.SvnRepositoryHandler
14:37:39.529 [main] INFO sonia.scm.BindingExtensionProcessor - bind RepositoryHandler sonia.scm.repository.GitRepositoryHandler
14:37:39.560 [main] INFO sonia.scm.ScmServletModule - configure jersey with package path: sonia.scm
14:37:39.869 [main] INFO sonia.scm.repository.xml.XmlRepositoryManager - added RepositoryHandler class sonia.scm.repository.HgRepositoryHandler for type Type{name=hg, displayName=Mercurial}
14:37:39.885 [main] INFO sonia.scm.repository.xml.XmlRepositoryManager - added RepositoryHandler class sonia.scm.repository.SvnRepositoryHandler for type Type{name=svn, displayName=Subversion}
14:37:39.887 [main] INFO sonia.scm.repository.xml.XmlRepositoryManager - added RepositoryHandler class sonia.scm.repository.GitRepositoryHandler for type Type{name=git, displayName=Git}
2011-12-29 14:37:40.001:INFO:oejsh.ContextHandler:started o.e.j.w.WebAppContext{/scm,file:/tmp/jetty-0.0.0.0-8181-scm-webapp.war-_scm-any-/webapp/},/home/oleg/install/linux/scm-server/var/webapp/scm-webapp.war
14:37:40.002 [main] INFO sonia.scm.boot.BootstrapFilter - fallback to default classloader for GuiceFilter
Dec 29, 2011 2:37:40 PM com.sun.jersey.api.core.PackagesResourceConfig init
INFO: Scanning for root resource and provider classes in the packages:
  sonia.scm
Dec 29, 2011 2:37:40 PM com.sun.jersey.api.core.ScanningResourceConfig logClasses
INFO: Root resource classes found:
  class sonia.scm.api.rest.resources.AuthenticationResource
  class sonia.scm.api.rest.resources.HgConfigResource
  class sonia.scm.api.rest.resources.GitConfigResource
  class sonia.scm.api.rest.resources.GroupResource
  class sonia.scm.api.rest.resources.ChangePasswordResource
  class sonia.scm.api.rest.resources.RepositoryResource
  class sonia.scm.api.rest.resources.SvnConfigResource
  class sonia.scm.api.rest.resources.PluginResource
  class sonia.scm.api.rest.resources.SearchResource
  class sonia.scm.api.rest.resources.UserResource
  class sonia.scm.api.rest.resources.ConfigurationResource
Dec 29, 2011 2:37:40 PM com.sun.jersey.api.core.ScanningResourceConfig logClasses
INFO: Provider classes found:
  class sonia.scm.api.rest.ScmSecurityExceptionMapper
Dec 29, 2011 2:37:40 PM com.sun.jersey.server.impl.application.WebApplicationImpl _initiate
INFO: Initiating Jersey application, version 'Jersey: 1.11 12/09/2011 11:05 AM'
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.ConfigurationResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.GroupResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.RepositoryResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.UserResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.AuthenticationResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.ChangePasswordResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.SearchResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.PluginResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.GitConfigResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.SvnConfigResource to GuiceInstantiatedComponentProvider
Dec 29, 2011 2:37:40 PM com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory getComponentProvider
INFO: Binding sonia.scm.api.rest.resources.HgConfigResource to GuiceInstantiatedComponentProvider
2011-12-29 14:37:40.931:INFO:oejw.StandardDescriptorProcessor:NO JSP Support for /, did not find org.apache.jasper.servlet.JspServlet
2011-12-29 14:37:40.932:INFO:oejsh.ContextHandler:started o.e.j.w.WebAppContext{/,[file:/home/oleg/install/linux/scm-server/var/webapp/docroot/]}
2011-12-29 14:37:41.044:INFO:oejhs.SslContextFactory:Enabled Protocols [SSLv2Hello, TLSv1, SSLv3] of [SSLv2Hello, SSLv3, TLSv1]
2011-12-29 14:37:41.054:INFO:oejs.AbstractConnector:Started SslSelectChannelConnector@0.0.0.0:8181 STARTING
2011-12-29 14:38:13.348:WARN:oejut.QueuedThreadPool:
java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1028)
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:508)
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1136)
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1108)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.wrap(SslSelectChannelEndPoint.java:642)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:309)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.close(SslSelectChannelEndPoint.java:354)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.shutdownOutput(SslSelectChannelEndPoint.java:196)
	at org.eclipse.jetty.io.AbstractConnection.idleExpired(AbstractConnection.java:42)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.idleExpired(SelectChannelEndPoint.java:282)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.checkIdleTimestamp(SelectChannelEndPoint.java:276)
	at org.eclipse.jetty.io.nio.SelectorManager$SelectSet$2.run(SelectorManager.java:713)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
	at java.lang.Thread.run(Thread.java:679)
Caused by:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
	at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:323)
	at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:673)
	at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
	at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:991)
	at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:872)
	at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:801)
	at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:576)
	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:170)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:549)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:547)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:968)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:283)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:398)
	at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:949)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:274)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
	at java.lang.Thread.run(Thread.java:679)
Caused by:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
	at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
	at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:314)
	at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:673)
	at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
	at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:991)
	at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:872)
	at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:801)
	at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:576)
	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:170)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:549)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:547)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:968)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:283)
	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:398)
	at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:949)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:274)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
	at java.lang.Thread.run(Thread.java:679)
}}}

Comments (10)

  1. Sebastian Sebastian repo owner

    Hi, this issue looks like you are trying to access scm-manager with a different servername than the one configured in the servername section (CN) of the keystore. Could you post the output of the following command:

    keytool -list -keystore /path/to/your/keystore

  2. legotron reporter
    oleg@oleg-work:~/install/linux/scm-server/conf$ ls
    total 28
    drwxrwxr-x 2 oleg oleg 4096 2011-12-29 11:53 .
    drwxrwxr-x 7 oleg oleg 4096 2011-12-26 18:59 ..
    -rw-rw-r-- 1 oleg oleg  877 2011-12-29 11:53 cert.pem
    -rw-rw-r-- 1 oleg oleg 1375 2011-12-29 11:50 keystore.jks
    -rw-r--r-- 1 oleg oleg 3025 2011-12-26 18:51 logging.xml
    -rwxrwxr-x 1 oleg oleg 4837 2011-12-29 12:32 server-config.xml
    
    oleg@oleg-work:~/install/linux/scm-server/conf$ keytool -list -keystore keystore.jks 
    Enter keystore password:  
    
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 1 entry
    
    scm, Dec 29, 2011, PrivateKeyEntry, 
    Certificate fingerprint (MD5): 17:59:81:36:3F:E2:46:2C:F9:AB:5D:8F:89:3A:C1:42
    

    update: What is your first and last name? [Unknown]: *servername*

    I didn't notice "servername" and answered truthfully :) My (CN) is "Oleg Trenkin"

    1. How can I revert this operation to change the parameters?
    2. What CN do I need to set on the local machine -- "localhost"?

  3. legotron reporter
    $ keytool -list -keystore keystore.jks -v
    Enter keystore password:  
    
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 1 entry
    
    Alias name: scm
    Creation date: Dec 29, 2011
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=Oleg Trenkin, OU=Unknown, O=PLAZ, L=Saint-Petersburg, ST=Unknown, C=RU
    Issuer: CN=Oleg Trenkin, OU=Unknown, O=PLAZ, L=Saint-Petersburg, ST=Unknown, C=RU
    Serial number: 4efc1bd6
    Valid from: Thu Dec 29 11:50:46 MSK 2011 until: Wed Mar 28 11:50:46 MSK 2012
    Certificate fingerprints:
    	 MD5:  17:59:81:36:3F:E2:46:2C:F9:AB:5D:8F:89:3A:C1:42
    	 SHA1: 08:20:95:C7:60:5E:CA:FA:34:59:DC:78:0E:E4:43:88:6C:12:13:60
    	 Signature algorithm name: SHA1withRSA
    	 Version: 3
    
    
    *******************************************
    *******************************************
    
    
    
    
  4. Sebastian Sebastian repo owner

    The problem is that the CN part of "CN=Oleg Trenkin, OU=Unknown, O=PLAZ, L=Saint-Petersburg, ST=Unknown, C=RU" should be the hostname of the server.

    I don't know how to change the parameters; I think it is simpler to create a new keystore. You could use localhost as servername for tests. But it makes no sense to use localhost for production.

  5. legotron reporter

    I recreated the keystore, but unfortunately the situation has not changed :( New keystore:

    $ keytool -list -keystore keystore.jks -v
    Enter keystore password:  
    
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 1 entry
    
    Alias name: scm
    Creation date: Dec 29, 2011
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=localhost, OU=Unknown, O=PLAZ, L=Saint-Petersburg, ST=Unknown, C=RU
    Issuer: CN=localhost, OU=Unknown, O=PLAZ, L=Saint-Petersburg, ST=Unknown, C=RU
    Serial number: 4efc5203
    Valid from: Thu Dec 29 15:41:55 MSK 2011 until: Wed Mar 28 15:41:55 MSK 2012
    Certificate fingerprints:
    	 MD5:  A0:19:8E:9E:DB:C6:C8:7A:36:71:5A:04:77:08:CF:97
    	 SHA1: 3C:BC:DD:83:4A:1F:C2:5F:A6:66:6A:B0:67:E3:1B:B7:6E:6F:58:7E
    	 Signature algorithm name: SHA1withRSA
    	 Version: 3
    
    
    *******************************************
    *******************************************
    
    
    
    

    same errors:

    2011-12-29 15:47:11.965:WARN:oejut.QueuedThreadPool:
    java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
    	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1028)
    	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:508)
    	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1136)
    	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1108)
    	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.wrap(SslSelectChannelEndPoint.java:642)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:309)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.close(SslSelectChannelEndPoint.java:354)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.shutdownOutput(SslSelectChannelEndPoint.java:196)
    	at org.eclipse.jetty.io.AbstractConnection.idleExpired(AbstractConnection.java:42)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.idleExpired(SelectChannelEndPoint.java:282)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.checkIdleTimestamp(SelectChannelEndPoint.java:276)
    	at org.eclipse.jetty.io.nio.SelectorManager$SelectSet$2.run(SelectorManager.java:713)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
    	at java.lang.Thread.run(Thread.java:679)
    Caused by: 
    java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
    	at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:323)
    	at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:673)
    	at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
    	at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:991)
    	at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:872)
    	at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:801)
    	at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:576)
    	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:170)
    	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
    	at sun.security.ssl.Handshaker$1.run(Handshaker.java:549)
    	at sun.security.ssl.Handshaker$1.run(Handshaker.java:547)
    	at java.security.AccessController.doPrivileged(Native Method)
    	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:968)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:283)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:398)
    	at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:949)
    	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:274)
    	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
    	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
    	at java.lang.Thread.run(Thread.java:679)
    Caused by: 
    sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
    	at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
    	at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:314)
    	at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:673)
    	at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
    	at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:991)
    	at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:872)
    	at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:801)
    	at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:576)
    	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:170)
    	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
    	at sun.security.ssl.Handshaker$1.run(Handshaker.java:549)
    	at sun.security.ssl.Handshaker$1.run(Handshaker.java:547)
    	at java.security.AccessController.doPrivileged(Native Method)
    	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:968)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:283)
    	at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:398)
    	at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:949)
    	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:274)
    	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
    	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
    	at java.lang.Thread.run(Thread.java:679)
    
    $ hg clone --debug --traceback --insecure https://oleg:*********@localhost:8181/scm/hg/plaz_test
    using https://localhost:8181/scm/hg/plaz_test
    http auth: user oleg, password *********
    sending capabilities command
    Traceback (most recent call last):
      File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 87, in _runcatch
        return _dispatch(req)
      File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 684, in _dispatch
        cmdpats, cmdoptions)
      File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 466, in runcommand
        ret = _runcommand(ui, options, cmd, d)
      File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 738, in _runcommand
        return checkargs()
      File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 692, in checkargs
        return cmdfunc()
      File "/usr/lib/pymodules/python2.7/mercurial/dispatch.py", line 681, in <lambda>
        d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
      File "/usr/lib/pymodules/python2.7/mercurial/util.py", line 454, in check
        return func(*args, **kwargs)
      File "/usr/lib/pymodules/python2.7/mercurial/commands.py", line 1137, in clone
        branch=opts.get('branch'))
      File "/usr/lib/pymodules/python2.7/mercurial/hg.py", line 247, in clone
        srcrepo = repository(remoteui(ui, peeropts), source)
      File "/usr/lib/pymodules/python2.7/mercurial/hg.py", line 93, in repository
        repo = _peerlookup(path).instance(ui, path, create)
      File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 236, in instance
        inst._fetchcaps()
      File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 57, in _fetchcaps
        self.caps = set(self._call('capabilities').split())
      File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 169, in _call
        fp = self._callstream(cmd, **args)
      File "/usr/lib/pymodules/python2.7/mercurial/httprepo.py", line 117, in _callstream
        resp = self.urlopener.open(req)
      File "/usr/lib/python2.7/urllib2.py", line 394, in open
        response = self._open(req, data)
      File "/usr/lib/python2.7/urllib2.py", line 412, in _open
        '_open', req)
      File "/usr/lib/python2.7/urllib2.py", line 372, in _call_chain
        result = func(*args)
      File "/usr/lib/pymodules/python2.7/mercurial/url.py", line 362, in https_open
        return self.do_open(self._makeconnection, req)
      File "/usr/lib/pymodules/python2.7/mercurial/keepalive.py", line 259, in do_open
        raise urllib2.URLError(err)
    URLError: <urlopen error [Errno 8] _ssl.c:503: EOF occurred in violation of protocol>
    abort: error: _ssl.c:503: EOF occurred in violation of protocol
    
  6. legotron reporter

    Yes, it may be an OpenJDK bug.

    I tried with Sun Java:

    $ java -version 
    java version "1.6.0_26"
    Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
    Java HotSpot(TM) Server VM (build 20.1-b02, mixed mode)
    
    $ hg clone https://oleg@localhost:8181/scm/hg/plaz_test plaz_test5
    requesting all changes
    adding changesets
    adding manifests
    adding file changes
    added 3 changesets with 3 changes to 2 files
    updating to branch default
    2 files updated, 0 files merged, 0 files removed, 0 files unresolved
    

    Clone procedure SUCCESS :) Thank you very much for quick help!

    P.S. It now remains to connect with LDAP and happiness will come. Awesome system!
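
The two checks this thread went through, as an added example (not code from SCM-Manager, Mercurial or the posters): compare the keystore's `Owner` CN with the host in the clone URL, and read the innermost `Caused by:` block of the Jetty log to see where the handshake failed. The function names, finding labels and abbreviated sample inputs are constructed for illustration; the CN comparison is an exact match and ignores wildcards and subjectAltName.

```python
import re
from urllib.parse import urlsplit

# Constructed samples, abbreviated from the output quoted in this thread.
CLONE_URL = "https://oleg@localhost:8181/scm/hg/plaz_test"
KEYTOOL_OLD = (
    "Alias name: scm\n"
    "Entry type: PrivateKeyEntry\n"
    "Owner: CN=Oleg Trenkin, OU=Unknown, O=PLAZ, L=Saint-Petersburg, ST=Unknown, C=RU\n"
    "Issuer: CN=Oleg Trenkin, OU=Unknown, O=PLAZ, L=Saint-Petersburg, ST=Unknown, C=RU\n"
)
KEYTOOL_NEW = KEYTOOL_OLD.replace("CN=Oleg Trenkin", "CN=localhost")
SERVER_LOG = """\
2011-12-29 15:47:11.965:WARN:oejut.QueuedThreadPool:
java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
\tat sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1028)
Caused by:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
\tat sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
\tat sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:314)
\tat sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
\tat sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:991)
\tat sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:576)
"""


def keystore_subject_cn(keytool_output):
    """Return the CN from the first 'Owner:' line of `keytool -list -v` output."""
    for line in keytool_output.splitlines():
        line = line.strip()
        if not line.startswith("Owner:"):
            continue
        # Simple DN split; does not handle escaped commas inside a value.
        for rdn in line[len("Owner:"):].split(","):
            key, _, value = rdn.strip().partition("=")
            if key.upper() == "CN":
                return value.strip()
    return None


def cn_matches_url(keytool_output, url):
    """True when the certificate CN equals the URL host (case-insensitive)."""
    cn = keystore_subject_cn(keytool_output)
    host = urlsplit(url).hostname  # drops the user part and the port
    return cn is not None and host is not None and cn.lower() == host.lower()


def innermost_cause(log_text):
    """Describe the last 'Caused by:' block of a Java stack trace, or None."""
    blocks = re.split(r"^\s*Caused by:[ \t]*", log_text, flags=re.MULTILINE)
    if len(blocks) < 2:
        return None
    lines = [l.strip() for l in blocks[-1].splitlines() if l.strip()]
    if not lines:
        return None
    frames = [l[3:] for l in lines[1:] if l.startswith("at ")]
    return {
        "exception": lines[0],
        # The exception was raised while the server processed the handshake.
        "in_server_handshake": any(
            f.startswith("sun.security.ssl.ServerHandshaker.") for f in frames),
        # Ephemeral ECDH key pair generation is on the call path.
        "ecdh_keygen": any(
            "ECDHCrypt" in f or "setupEphemeralECDHKeys" in f for f in frames),
        # The key pair was requested from the JVM's PKCS11 provider.
        "pkcs11_provider": any(
            f.startswith("sun.security.pkcs11.") for f in frames),
    }


def triage(keytool_output, url, server_log):
    """Return a list of finding labels (hypothetical names) for this setup."""
    findings = []
    if not cn_matches_url(keytool_output, url):
        findings.append("cn-mismatch")
    cause = innermost_cause(server_log)
    if cause and cause["in_server_handshake"]:
        if cause["ecdh_keygen"] and cause["pkcs11_provider"]:
            findings.append("server-ecdh-keygen-failed-in-pkcs11")
        else:
            findings.append("server-handshake-exception")
    return findings


if __name__ == "__main__":
    print("first keystore :", triage(KEYTOOL_OLD, CLONE_URL, SERVER_LOG))
    print("second keystore:", triage(KEYTOOL_NEW, CLONE_URL, SERVER_LOG))
```

With the recreated keystore the CN finding disappears but the server-side ECDH key-generation failure remains, which matches what the reporter saw before switching JVMs.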
