Our GFE instance uses a certificate from an annoying certificate authority (godata). To get Jenkins to talk to it at all, I had to create a trust store with their intermediate certificates. And now, basic operations work, everything tests out on the configuration page, etc. But when a pull request webhook fires, I get the following backtraces.
Can anyone advise?
Failed to login with creds cc1f844d-c149-46c3-9685-971711912a94
org.kohsuke.github.HttpException: Server returned HTTP response code: -1, message: 'null' for URL: https://git.basistech.net/api/v3/user
at org.kohsuke.github.Requester.parse(Requester.java:540)
at org.kohsuke.github.Requester._to(Requester.java:251)
at org.kohsuke.github.Requester.to(Requester.java:213)
at org.kohsuke.github.GitHub.getMyself(GitHub.java:283)
at org.kohsuke.github.GitHub.<init>(GitHub.java:149)
at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:201)
at org.jenkinsci.plugins.github.internal.GitHubLoginFunction.applyNullSafe(GitHubLoginFunction.java:73)
at org.jenkinsci.plugins.github.internal.GitHubLoginFunction.applyNullSafe(GitHubLoginFunction.java:46)
at org.jenkinsci.plugins.github.util.misc.NullSafeFunction.apply(NullSafeFunction.java:18)
at org.jenkinsci.plugins.github.config.GitHubServerConfig$ClientCacheFunction.applyNullSafe(GitHubServerConfig.java:348)
at org.jenkinsci.plugins.github.config.GitHubServerConfig$ClientCacheFunction.applyNullSafe(GitHubServerConfig.java:344)
at org.jenkinsci.plugins.github.util.misc.NullSafeFunction.apply(NullSafeFunction.java:18)
at com.google.common.collect.Iterators$8.next(Iterators.java:812)
at com.google.common.collect.Iterators$7.computeNext(Iterators.java:648)
at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143)
at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138)
at org.jenkinsci.plugins.github.util.FluentIterableWrapper.first(FluentIterableWrapper.java:128)
at com.github.kostyasha.github.integration.generic.GitHubTriggerDescriptor.githubFor(GitHubTriggerDescriptor.java:63)
at org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.readyToBuildCauses(GitHubPRTrigger.java:267)
at org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.doRun(GitHubPRTrigger.java:236)
at org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger$1.run(GitHubPRTrigger.java:201)
at hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:119)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
at com.squareup.okhttp.Connection.connect(Connection.java:172)
at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:328)
at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:438)
at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:389)
at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:502)
at com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:105)
at com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:25)
at org.kohsuke.github.Requester.parse(Requester.java:514)
... 27 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
at sun.security.validator.Validator.getInstance(Validator.java:179)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
... 41 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
... 53 more
Oct 27, 2016 9:58:05 AM SEVERE org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger doRun
Can't process check (Can't find appropriate client for github repo <https://git.basistech.net/raas/rosapi1.5>)
org.jenkinsci.plugins.github.internal.GHPluginConfigException: Can't find appropriate client for github repo <https://git.basistech.net/raas/rosapi1.5>
at com.github.kostyasha.github.integration.generic.GitHubTriggerDescriptor.githubFor(GitHubTriggerDescriptor.java:67)
at org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.readyToBuildCauses(GitHubPRTrigger.java:267)
at org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.doRun(GitHubPRTrigger.java:236)
at org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger$1.run(GitHubPRTrigger.java:201)
at hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:119)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)