Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31192

Subversion HTTPS + PKCS12 Certificate in CPU infinite loop

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      After upgrading to Jenkins 1.625.1 and switching to Java 8u60,
      one of our job configured to use mutual SSL authentication against a HTTPS Subversion repository produces the following behaviour:

      • the polling SCM thread consumes 100% in "endless" sun.security.pkcs12.PKCS12KeyStore.engineGetKey method
      • because of the lock hudson.scm.SubversionSCM$ModuleLocation held there, all SCM commit notification threads get stuck
      • as a result, the SCM thread pool gets exhausted and management page displays a warning

      In production, everything get stuck for 12 hours before we had to restart Jenkins master.
      In test environment, we reproduced with both Java 7u80 and Java 8u60.
      The issue persists even after replacing default "Sun" security provider by "BouncyCastle" to use alternate PKCS#12, SHA and DES implementations.

        Attachments

          Issue Links

            Activity

            Hide
            recena Manuel Recena Soto added a comment -

            Yves Martin, I could not reproduce this bug. Probably different Subversion Server configuration. I used SVN + HTTPs offered by Assembla.

            Show
            recena Manuel Recena Soto added a comment - Yves Martin , I could not reproduce this bug. Probably different Subversion Server configuration. I used SVN + HTTPs offered by Assembla.
            Hide
            ymartin1040 Yves Martin added a comment - - edited
            Show
            ymartin1040 Yves Martin added a comment - - edited Pending pull request: https://github.com/jenkinsci/subversion-plugin/pull/147
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Yves Martin
            Path:
            src/main/java/hudson/scm/CredentialsSVNAuthenticationProviderImpl.java
            src/main/java/hudson/scm/SubversionSCM.java
            http://jenkins-ci.org/commit/subversion-plugin/86e18b3e1b340fb1fe88296a8bf070fbc4ae2cdf
            Log:
            JENKINS-31192 Fix HTTPS SSL client certificate authentication

            Take benefits of new SVNKit 1.8.11 SVNSSLAuthentication methods to properly
            support byte array PKCS#12 certificate usage.

            Resolves: JENKINS-31192

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Yves Martin Path: src/main/java/hudson/scm/CredentialsSVNAuthenticationProviderImpl.java src/main/java/hudson/scm/SubversionSCM.java http://jenkins-ci.org/commit/subversion-plugin/86e18b3e1b340fb1fe88296a8bf070fbc4ae2cdf Log: JENKINS-31192 Fix HTTPS SSL client certificate authentication Take benefits of new SVNKit 1.8.11 SVNSSLAuthentication methods to properly support byte array PKCS#12 certificate usage. Resolves: JENKINS-31192
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            pom.xml
            src/main/java/hudson/scm/CredentialsSVNAuthenticationProviderImpl.java
            src/main/java/hudson/scm/SubversionSCM.java
            http://jenkins-ci.org/commit/subversion-plugin/ae4ae6408801cc6e14aa3f8f1586e2a19929224c
            Log:
            Merge pull request #147 from ymartin59/JENKINS-31192

            JENKINS-31192 HTTPS + PKCS12 Certificate in CPU infinite loop

            Compare: https://github.com/jenkinsci/subversion-plugin/compare/3141a0947ac9...ae4ae6408801

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: pom.xml src/main/java/hudson/scm/CredentialsSVNAuthenticationProviderImpl.java src/main/java/hudson/scm/SubversionSCM.java http://jenkins-ci.org/commit/subversion-plugin/ae4ae6408801cc6e14aa3f8f1586e2a19929224c Log: Merge pull request #147 from ymartin59/ JENKINS-31192 JENKINS-31192 HTTPS + PKCS12 Certificate in CPU infinite loop Compare: https://github.com/jenkinsci/subversion-plugin/compare/3141a0947ac9...ae4ae6408801
            Hide
            recena Manuel Recena Soto added a comment -

            Thanks to Yves Martin to solve this bug.

            Show
            recena Manuel Recena Soto added a comment - Thanks to Yves Martin to solve this bug.

              People

              • Assignee:
                ymartin1040 Yves Martin
                Reporter:
                ymartin1040 Yves Martin
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: