[JIRA] (JENKINS-61596) http client in jenkins swarm badly verfies ostname in SSL certificate

4 views
Skip to first unread message

sobik.szymon@gmail.com (JIRA)

unread,
Mar 19, 2020, 8:01:02 PM3/19/20
to jenkinsc...@googlegroups.com
Szymon S created an issue
 
Jenkins / Bug JENKINS-61596
http client in jenkins swarm badly verfies ostname in SSL certificate
Issue Type: Bug Bug
Assignee: Unassigned
Components: swarm-plugin
Created: 2020-03-20 00:00
Environment: Jenkins ver. 2.204.5
swarm 3.18
Labels: regression SSL
Priority: Major Major
Reporter: Szymon S 
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <jenkins.xx.yy> doesn't match any of the subject alternative names: [jenkins.xx.yy, other_name.xx.yy]
        at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
        at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
        at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
        at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
        at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
        at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
        at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142)
        at hudson.plugins.swarm.Client.run(Client.java:150)
        at hudson.plugins.swarm.Client.main(Client.java:128)

The fix seems to be available in httpclient 4.5.12 https://downloads.apache.org/httpcomponents/httpclient/RELEASE_NOTES-4.5.x.txt

 

The bug surfaced when I updated the agent machine last week and it pulled the new plugin.

 

Curl verifies the certificate fine, as do browsers
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

sobik.szymon@gmail.com (JIRA)

unread,
Mar 19, 2020, 8:07:04 PM3/19/20
to jenkinsc...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages