|
Size: 4725
Comment:
|
Size: 4969
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 11: | Line 11: |
| If you're using '''SVNKit''' with [http://subclipse.tigris.org Subclipse] version 0.9.37 or newer there is no need to use system properties to define SSH credentials, Subclipse will automatically prompt you for private key or password during establishing SSH connection. | If you're using '''SVNKit''' with [http://subclipse.tigris.org Subclipse] version 0.9.37 or newer there is no need to use system properties to define SSH credentials, [http://subclipse.tigris.org Subclipse] will automatically prompt you for private key or password during establishing SSH connection. |
| Line 26: | Line 26: |
| When starting Eclipse you can provide the above properties like this: | When starting [http://eclipse.org Eclipse] you can provide the above properties like this: |
| Line 38: | Line 38: |
| To avoid special batch script creation to launch Eclipse you may define ssh related properties in Eclipse config.ini file - {{{ECLIPSE_HOME/configuration/config.ini}}} (tip provided by Andrew Berman): | To avoid special batch script creation to launch [http://eclipse.org Eclipse] you may define ssh related properties in [http://eclipse.org Eclipse] config.ini file - {{{ECLIPSE_HOME/configuration/config.ini}}} (tip provided by Andrew Berman): |
| Line 49: | Line 49: |
| '''SVNKit''' uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a Subversion repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read [http://java.sun.com/products/jce/javase.html this article] for more details on how to install JCE. | '''SVNKit''' uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a [http://subversion.tigris.org Subversion] repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read [http://java.sun.com/products/jce/javase.html this article] for more details on how to install JCE. |
| Line 67: | Line 67: |
| Client SSL authentication In the Subversion servers configuration file you can specify your SSL authentication certificate files for a specific group: |
== Client SSL authentication == In the [http://subversion.tigris.org Subversion] ''servers'' configuration file you can specify your SSL authentication certificate files for a specific group: {{{ |
| Line 72: | Line 72: |
| Read more information on this options in the Subversion book. | }}} Read more information on this options in the [http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-7-sect-1.3 Subversion book]. |
Supported system properties and configuration options
This section contains information on configuring the SVNKit library - in order that one can adjust the library up to his individual wishes. Here you will find information on what configuration files SVNKit uses during runtime, what system properties are used in that case when config files are not available, and so on.
HTTP proxy setup
By default SVNKit uses proxy settings from the servers configuration file that is located in the default [http://subversion.tigris.org Subversion] run-time configuration area.
Default configuration area is located at ~/.subversion on Linux and OS X and at C:\Documents and Settings\userName\Application Data\Subversion on Windows. You may read more on Subversion client configuration files in the [http://svnbook.red-bean.com/en/1.1/ch07.html#svn-ch-7-sect-1 Subversion Book].
SVN+SSH authentication whith Subclipse
If you're using SVNKit with [http://subclipse.tigris.org Subclipse] version 0.9.37 or newer there is no need to use system properties to define SSH credentials, [http://subclipse.tigris.org Subclipse] will automatically prompt you for private key or password during establishing SSH connection.
SVN+SSH authentication with private key
By default SVNKit tries to obtain all necessary information from the [tunnels] section of the config file that is located in the default SVN run-time configuration area. However if that information is not complete or not found at all, SVNKit tries then to use predefined system properties listed beneath.
SVNKit uses a pure java [http://www.ganymed.ethz.ch/ssh2 Ganymed library] to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let SVNKit know about your private key and passphrase:
svnkit.ssh2.key = /path/to/private/key/file svnkit.ssh2.username = userName svnkit.ssh2.passphrase = optionalPassphrase svnkit.ssh2.password = userpassword svnkit.ssh2.port = optionalPort
SVN+SSH authentication with private key in Eclipse
When starting [http://eclipse.org Eclipse] you can provide the above properties like this:
$ eclipse -vmargs \ -Dsvnkit.ssh2.key=/path/to/private/key/file \ -Dsvnkit.ssh2.username=userName \ -Dsvnkit.ssh2.passphrase=optionalPassphrase \ -Dsvnkit.ssh2.password=userpassword \ -Dsvnkit.ssh2.port=optionalPort
Note: a user name for an ssh connection will be taken from SVN Repository properties.
To avoid special batch script creation to launch [http://eclipse.org Eclipse] you may define ssh related properties in [http://eclipse.org Eclipse] config.ini file - ECLIPSE_HOME/configuration/config.ini (tip provided by Andrew Berman):
... svnkit.ssh2.key=path/to/private/key/file svnkit.ssh2.passphrase=passphrase svnkit.ssh2.username=username svnkit.ssh2.password=userpassword svnkit.ssh2.port=port
SSL Connections
SVNKit uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a [http://subversion.tigris.org Subversion] repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read [http://java.sun.com/products/jce/javase.html this article] for more details on how to install JCE.
Trusting SSL Certificates
If SVNKit is used as a standalone library and no custom authentication provider is registered, SVNKit:
- by default trusts all SSL servers, though it doesn't cache server certificates;
- or uses a default JDK certificates storage to get SSL certificates of the trusted servers;
and additionally it uses authority certificate files listed in the [http://subversion.tigris.org Subversion] servers configuration file in these options:
### 'ssl-authority-files' is a semicolon-delimited list of files, ### each pointing to a PEM-encoded Certificate Authority (CA) ### SSL certificate. ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem ### 'ssl-trust-default-ca' Trust the system 'default' CAs ssl-trust-default-ca = yes
Client SSL authentication
In the [http://subversion.tigris.org Subversion] servers configuration file you can specify your SSL authentication certificate files for a specific group:
ssl-client-cert-file= PKCS#12 format client certificate file ssl-client-cert-password= Client Key password, if needed.
Read more information on this options in the [http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-7-sect-1.3 Subversion book].