[JIRA] (JENKINS-62033) swarm-client -disableSslVerification does not skip searching subject alternative names


brianrobotics@gmail.com (JIRA)

Apr 23, 2020, 1:14:03 PM
to jenkinsc...@googlegroups.com
Brian Farrell created an issue
 
Jenkins / Bug JENKINS-62033
swarm-client -disableSslVerification does not skip searching subject alternative names
Issue Type: Bug
Assignee: Unassigned
Components: swarm-plugin
Created: 2020-04-23 17:12
Environment: Jenkins 2.222.1
swarm-client 3.4 up through 3.19
Priority: Minor
Reporter: Brian Farrell

When running the following command line:

 


brianrobotics@gmail.com (JIRA)

Apr 23, 2020, 1:18:02 PM
to jenkinsc...@googlegroups.com
Brian Farrell updated an issue
Change By: Brian Farrell
When running the following command line:

/usr/bin/java -jar /tmp/swarm-client.3.19.jar \
    -disableSslVerification \
    -deleteExistingClients \
    -disableClientsUniqueId \
    -showHostName \
    -noRetryAfterConnected \
    -executors=7 \
    -labels 'blftest' \
    -master https://myjenkins.example.com \
    -username jenkins \
    -passwordEnvVariable ADMIN_PSW

 

I received the following output

Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client logArguments
INFO: Client invoked with: -deleteExistingClients true -disableClientsUniqueId true -disableSslVerification true -executors 7 -labels [blftest] -master https://myjenkins.example.com -noRetryAfterConnected true -passwordEnvVariable ADMIN_PSW -showHostName true -username *****
Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run
INFO: Discovering Jenkins master
Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run
SEVERE: IOException occurred
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <myjenkins.example.com> doesn't match any of the subject alternative names: [ingress.local]
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142)
at hudson.plugins.swarm.Client.run(Client.java:150)
at hudson.plugins.swarm.Client.main(Client.java:128)

javax.net.ssl.SSLPeerUnverifiedException: Certificate for <myjenkins.example.com> doesn't match any of the subject alternative names: [ingress.local]
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142)
at hudson.plugins.swarm.Client.run(Client.java:150)
at hudson.plugins.swarm.Client.main(Client.java:128)
Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run
INFO: Retrying in 10 seconds

 

Not sure why the Subject Alternative name is even being checked when I specified "-disableSslVerification".  I tried 'curl -k' and it works as expected.
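
Added example, not part of the original report or of the swarm-client code: the stack trace above fails in `verifyHostname`, which is a separate check from certificate chain trust, and the script below exercises the two checks independently with the `openssl` CLI. It assumes OpenSSL 1.1.1 or later and builds its own throwaway certificate carrying the SAN `ingress.local` from the error message; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example. The certificate is constructed here: self-signed, with the
# single SAN "ingress.local" seen in the error message above.
set -eu
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cert="$workdir/cert.pem"

make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=ingress.local" -addext "subjectAltName=DNS:ingress.local" \
    -keyout "$workdir/key.pem" -out "$cert" 2>/dev/null
}

# Check 1: does the chain lead to a trusted root? $2 optionally names a CA file.
chain_trusted() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
  else
    openssl verify "$1" 2>/dev/null | grep -q ': OK$'
  fi
}

# Check 2: does the certificate name the host we asked for? Independent of check 1.
host_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

report() {  # $1 = hostname, $2 = optional CA file to trust
  trust=no
  name=no
  if chain_trusted "$cert" "${2:-}"; then trust=yes; fi
  if host_matches "$cert" "$1"; then name=yes; fi
  printf '%-24s chain_trusted=%-3s host_matches=%s\n' "$1" "$trust" "$name"
}

make_cert
openssl x509 -in "$cert" -noout -ext subjectAltName   # list the names the cert carries
report myjenkins.example.com            # untrusted chain and wrong name
report myjenkins.example.com "$cert"    # trusting the cert does not fix the name
report ingress.local "$cert"            # both checks pass
```

Running the same `-checkhost` test against the certificate actually served by the Jenkins endpoint shows which names the agent would need to connect with, or which SAN the certificate needs to be reissued with.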

 