An SSL connection method for CVS (sserver)
Secure connection to CVS and CVSNT via SSL
Can work without any certificates on the client side (default)
Free (CPL license)
Using the CVS SSL plugin Eclipse can connect
to CVS and CVSNT over TCP/IP in a secure way with minimum installation effort.
New releases of CVSNT support the sserver protocol out-of-the-box.
The CVS SSL plugin has probably been tested by a few persons only. Or maybe a lot, but they didn't tell me...
Sun JRE 1.41 (because JSSE is included). JRE 1.31 might work if JSSE is installed separately, but I didn't check this out.
Eclipse 2.1, Eclipse 3.0 M8 or Eclipse 3.1. Please note that there are different downloads for Eclipse 2.1.x, Eclipse 3.0 M8 and Eclipse 3.1.
Windows NT, Windows XP, Linux. Windows 2000 should be ok too, though I don't have confirmation for Windows 2000. According to one user, Mac OS X 10.3 didn't work, but there was no further investigation.
CVSNT version 2.0.14 (because of sserver support). CVSNT 2.0.4 has also been reported to work.
There is also a patch providing sserver support for Unix CVS here. This is the one i.e. used by Freepository.
Download the Plug-in
Check this site for downloads and updates
Copy this plug-in into your Eclipse plugins folder and restart Eclipse.
After installation, there are two additional options named cvsnt-sserver and cvs-sserver available from the
connection type selection drop-down list in the settings for a CVS repository location. Selecting one of these protocols will use the sserver connection method for the repository location.
Use cvsnt-sserver for CVSNT sserver and cvs-sserver for sserver on Unix CVS.
In Preferences/Team/CVS there is an additional preference page named SSL Connection Method. This preference page works with either connection type. Here you specify which certificates and keys to use for SSL:
With the default settings you should be able to connect to CVSNT using sserver as if you were using pserver
and the SSL layer used with sserver only provides the encryption. The actual authentication against the server
still relies on the mechanisms known from pserver.
||Accepts all certificates from the server, no matter how these are signed. This is useful if you're only interested in the encrytion provided by SSL and just don't care about certificates.
||Use the truststore provided by standard/default Java settings for verifying server certificates.
||Provide a custom truststore for verifying server certificates.
||The file with the custom truststore
||The password for the custom truststore
||Use the keystore provided by standard/default Java settings for keeping client keys and certificates.
||Provide a custom keystore for keeping client keys and certificates.
||The file with the custom keystore
||The password for the custom keystore
During SSL handshake the Preferences/Team/CVS/Communication timeout value is used, which defaults to 60 seconds.
If you experience timeout problems you may try raising this value.
The whole traffic between client and server can be traced and printed to stdout. This is configured using the
.options file located in the CVS SSL plugin folder. The .options file defaults are:
rwi.eclipse.team.ccvs.ssl/debug = false
which disables logging the traffic. It can be enabled by setting the options to
rwi.eclipse.team.ccvs.ssl/debug/streams = false
rwi.eclipse.team.ccvs.ssl/debug = true
These options can also be set on the Tracing page of the PDE launcher if you start Eclipse from within Eclipse.
rwi.eclipse.team.ccvs.ssl/debug/streams = true
The trace output combines messages from the server and the client.
Messages sent by the client are prefixed with "C>"
and messages from the server are prefixed with "S>".
Enable SSL trace output in Java: -Djavax.net.debug=ssl,handshake
Specify a truststore in Java: -Djavax.net.ssl.trustStore="C:\Documents and Settings\PowerUser.N-24R6L74R14HJ2\.keystore" -Djavax.net.ssl.trustStorePassword=123456
Import a certificate into the default keystore: keytool -import -file my-cert.cer
The CVSNT documentation is here.
If you are interested in using your own certificates, consult the JavaTM Secure Socket Extension (JSSE) Reference Guide,
especially Installation and Customization.
Also don't miss keytool - Key and Certificate Management Tool.
For conversion between different certificate file formats you may use OpenSSL.
Then you can
create a *.cer file from a *.pem file: openssl x509 -in my-cert.pem -inform PEM -out my-cert.cer -outform DEN
create a *.pem file from a *.cer file: openssl x509 -in my-cert.cer -inform DEN -out my-cert.pem -outform PEM
You may send feedback concerning this plugin to Rolf Wilms (firstname.lastname@example.org).
I'm interested in bug reports but also like to know if it works for you.
Version 3.1.0, 2005-07-03
Some changes for compatibility with Eclipse 3.1, otherwise the same as version 3.0.7.
Version 3.0.7, 2004-04-28
Added stream tracing option.
Version 3.0.6, 2004-04-13
Version 3.0.6 is adapted to Eclipse 3.0 M8, but otherwise has the same code base as version 1.0.6.
Version 1.0.6, 2004-04-09
Completely changed stream/socket timeout handling because of persisting problems with communication timeouts.
The CVS communication timeout setting will now be used during handshake and normal operation.
Cancelling by user is handled in a seperate thread.
Version 1.0.4, 2004-01-07
Fixed a problem introduced in version 1.0.3 that a strange SSLException
("Unsupported record version Unknown 20.169" or similar) was reported instead of a socket timeout.
Now using the Preferences/Team/CVS/Communication timeout value during SSL handshake which defaults to 60 seconds. Before, a fixed 30 seconds timeout was used.
This was problematic with slow-connecting servers like Freepository.
Version 1.0.3, 2004-01-05
- Fixed a major performance problem when uploding files to the server.
- Fixed reporting of authentication method. Before, pserver was reported, which was incorrect.
Version 1.0.2, 2003-08-31
- Renamed the sserver protocol from the previous release to cvsnt-sserver. If you are upgrading from a previous release of the CVS SSL Plugin, you will lose any existing sserver repository connections and you'll need to recreate them.
- Added support for Corey Minyard style CVS sserver (cvs-sserver), thanks to Dale King.
Version 1.0.1, 2003-08-11
- Some changes to the documentation
- Cleaned up trace output to console
- Increased socket timeout during SSL handshaking from 10 to 30 seconds
- Started this version history
Version 1.0.0, 2003-05-31