After upgrading to Jenkins 1.625.1 and switching to Java 8u60,
one of our job configured to use mutual SSL authentication against a HTTPS Subversion repository produces the following behaviour:
- the polling SCM thread consumes 100% in "endless" sun.security.pkcs12.PKCS12KeyStore.engineGetKey method
- because of the lock hudson.scm.SubversionSCM$ModuleLocation held there, all SCM commit notification threads get stuck
- as a result, the SCM thread pool gets exhausted and management page displays a warning
In production, everything get stuck for 12 hours before we had to restart Jenkins master.
In test environment, we reproduced with both Java 7u80 and Java 8u60.
The issue persists even after replacing default "Sun" security provider by "BouncyCastle" to use alternate PKCS#12, SHA and DES implementations.