Contents

  1. Supported system properties and configuration options
    1. HTTP proxy setup
    2. SVN+SSH authentication with Subclipse
    3. SVN+SSH authentication with private key
    4. SVN+SSH authentication with private key in Eclipse
    5. SSL Connections
    6. Trusting SSL Certificates
    7. Client SSL authentication
    8. HTTP authentication cache
    9. Working copy upgrade

Supported system properties and configuration options

This section contains information on configuring the SVNKit library - in order that one can adjust the library up to his individual wishes. Here you will find information on what configuration files SVNKit uses during runtime, what system properties are used in that case when config files are not available, and so on.

HTTP proxy setup

By default SVNKit uses proxy settings from the servers configuration file that is located in the default Subversion run-time configuration area.

Default configuration area is located at ~/.subversion on Linux and OS X and at C:\Documents and Settings\userName\Application Data\Subversion on Windows. You may read more on Subversion client configuration files in the Subversion Book.

SVN+SSH authentication with Subclipse

If you're using SVNKit with Subclipse version 0.9.37 or newer there is no need to use system properties to define SSH credentials, Subclipse will automatically prompt you for private key or password during establishing SSH connection.

SVN+SSH authentication with private key

By default SVNKit tries to obtain all necessary information from the [tunnels] section of the config file that is located in the default SVN run-time configuration area. However if that information is not complete or not found at all, SVNKit tries then to use predefined system properties listed beneath.

SVNKit uses a pure java Ganymed library to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let SVNKit know about your private key and passphrase: 

svnkit.ssh2.key = /path/to/private/key/file 
svnkit.ssh2.username = userName  
svnkit.ssh2.passphrase = optionalPassphrase 
svnkit.ssh2.password = userpassword
svnkit.ssh2.port = optionalPort

SVN+SSH authentication with private key in Eclipse

When starting Eclipse you can provide the above properties like this: 

$ eclipse -vmargs \ 
-Dsvnkit.ssh2.key=/path/to/private/key/file \
-Dsvnkit.ssh2.username=userName \ 
-Dsvnkit.ssh2.passphrase=optionalPassphrase \
-Dsvnkit.ssh2.password=userpassword \
-Dsvnkit.ssh2.port=optionalPort

{i} Note: a user name for an ssh connection will be taken from SVN Repository properties.

To avoid special batch script creation to launch Eclipse you may define ssh related properties in Eclipse config.ini file - ECLIPSE_HOME/configuration/config.ini (tip provided by Andrew Berman): 

  ...
  svnkit.ssh2.key=path/to/private/key/file
  svnkit.ssh2.passphrase=passphrase
  svnkit.ssh2.username=username
  svnkit.ssh2.password=userpassword 
  svnkit.ssh2.port=port

SSL Connections

SVNKit uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a Subversion repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read this article for more details on how to install JCE.

Trusting SSL Certificates

If SVNKit is used as a standalone library and no custom authentication provider is registered, SVNKit: 

### 'ssl-authority-files' is a semicolon-delimited list of files,
### each pointing to a PEM-encoded Certificate Authority (CA) 
### SSL certificate.
ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem

### 'ssl-trust-default-ca'       Trust the system 'default' CAs
ssl-trust-default-ca = yes

Client SSL authentication

In the Subversion servers configuration file you can specify your SSL authentication certificate files for a specific group: 

ssl-client-cert-file=      PKCS#12 format client certificate file
ssl-client-cert-password=  Client Key password, if needed.

Read more information on this options in the Subversion book.

Also you can set the following system properties to define global SSL authentication certificate files: 

svnkit.ssl.client-cert-file=     PKCS#12 format client certificate file
svnkit.ssl.client-cert-password= Client Key password, if needed.

HTTP authentication cache

To disable caching of any authentication data during HTTP operations you can provide the following property: 

svnkit.http.keepCredentials=false

By default SVNKit keeps user credentials

Working copy upgrade

By default any write operation on a working copy upgrades it to the most recent format, currently it is subversion 1.5 working copy format. You can disable this behavior by specifying the system property: 

svnkit.upgradeWC = false

It also may be helpful for you to read this article concerned with working copy format

SVNKit_specific_system_properties (last edited 2009-05-22 23:25:06 by enrico)