-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Component/s: www
-
Labels:
-
Similar Issues:
It appears that `http://maven.jenkins-ci.org/...` redirects to `https://repo.jenkins-ci.org/...`, which has a bad TLS cert.
This has at least broken puppet-jenkins.
```
$ curl -I http://maven.jenkins-ci.org/content/repositories/releases/org/jenkins-ci/plugins/swarm-client/1.22//swarm-client-1.22-jar-with-dependencies.jar
HTTP/1.1 302 Found
Date: Tue, 01 Mar 2016 18:01:22 GMT
Server: Apache/2.2.14 (Ubuntu)
Location: https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/1.22//swarm-client-1.22-jar-with-dependencies.jar
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: SERVERID=local; path=/
$ curl -I https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/1.22//swarm-client-1.22-jar-with-dependencies.jar
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
```
```
$ openssl s_client -showcerts -connect repo.jenkins-ci.org:443 </dev/null
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = IL, ST = Israel, L = Netanya, O = Jfrog Ltd., CN = *.jfrog.org
verify return:1
—
Certificate chain
0 s:/C=IL/ST=Israel/L=Netanya/O=Jfrog Ltd./CN=*.jfrog.org
i:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
----BEGIN CERTIFICATE----
MIIE1zCCA7+gAwIBAgIQMJw5zifVURC2xTf5BJYCwzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTUwMjI2MDAwMDAwWhcNMTcwMjI1MjM1
OTU5WjBbMQswCQYDVQQGEwJJTDEPMA0GA1UECBMGSXNyYWVsMRAwDgYDVQQHFAdO
ZXRhbnlhMRMwEQYDVQQKFApKZnJvZyBMdGQuMRQwEgYDVQQDFAsqLmpmcm9nLm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlueJsw1g+Vp05X/6E0
XrFZE617RumstSbYr0E5wM+oXOmgsQL6aHQf6mScY6QZ4ur1OXQeFrxNM2hb93mX
/jJQR0AaYT0JAPrLVS2uS2iX701QHbhYvEL0WmG0bMAKH/T2B+JbHRvZnKh2+0q1
NMudM2y9sPmN01kF0mwov+1MkrOBBL9wLM57nYDNZVMv70EM15HlBC/MFmkA5k0H
tJag31PgYtjqgiDQe6ic4NueTpmD4u+6dulaNO/mg6n/O5aie9eJ7AZkUMhaFtLe
PB4dhfbV/RR68k/a2oj5WuUnJhWu43UTTYqGVc8MgWVk4Cm9NP8c7JFmb3ibCE4L
MKcCAwEAAaOCAawwggGoMCEGA1UdEQQaMBiCCyouamZyb2cub3JngglqZnJvZy5v
cmcwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYa
aHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgaEGA1UdIASBmTCBljCBkwYKYIZI
AYb4RQEHNjCBhDA/BggrBgEFBQcCARYzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29t
L3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMEEGCCsGAQUFBwICMDUMM2h0dHBz
Oi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU0m/3lvSF
P3I8MH0j2oV4m6N8WnwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRw
Oi8vZ24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ24uc3ltY2IuY29t
L2duLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAgskg2K9U+Fe9WijmHsWbO3yELDwt
BLdkmJSImlb1Ok0I4u/hA9JoUO4CVAxTYrE5vn81+MyfSjE5xlvCYenrc+BLK3D8
khC6JL5DJq63+7JPFHgdmSVjRovXEUbEE4Bc+adcYYj5pGW3pI3AdqMSB3vZAKNl
580a2dQjBDzmVs9vp1E21aIACc+l80SMdCU7PTcENm1Wsso9IdYb7raZwloOlyr3
5PLyqyTJC/getVceSIOP7tliyzJDYjUg0Xxei78FuXs2XRQo8ZmjRLKGzngHdZKg
hJpb/ERmhN6bmVAp5tORSzFbwRXB9oSTMWSuWSjPwHuZix0aOsQ/LDbiYA==
----END CERTIFICATE----
1 s:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
----BEGIN CERTIFICATE----
MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K
hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ
U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B
89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx
j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB
I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv
vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk
DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl
aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB
AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw
QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1
c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5
bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq
n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9
Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg
3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45
SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N
QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp
zNSS
----END CERTIFICATE----
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
----BEGIN CERTIFICATE----
MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
----END CERTIFICATE----
3 s:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
----BEGIN CERTIFICATE----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
----END CERTIFICATE----
—
Server certificate
subject=/C=IL/ST=Israel/L=Netanya/O=Jfrog Ltd./CN=*.jfrog.org
issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
—
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
—
SSL handshake has read 4714 bytes and written 327 bytes
—
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: E6C42ABB5F3E1E23746C6CDEC257D5A3E1EE776B5672FFECFBA08032488A1570
Session-ID-ctx:
Master-Key: 2A46AE21D3336D83136DFAC554407D364AE720587050896D8FB7B7FCEC130DE396BDD05649F26DE9B469D9D254480AA0
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 61 5b 25 d7 67 26 5a 92-b0 27 08 fb ca 08 c2 a9 a[%.g&Z..'......
0010 - e4 94 2b 14 7f 86 97 ac-0d 4e 21 d7 81 79 22 e7 ..+......N!..y".
0020 - eb aa 6c 1d db 20 54 54-6b c2 95 da a0 8c ae 82 ..l.. TTk.......
0030 - b5 55 94 d9 dc 62 04 09-fe bf 0b d2 ed 16 7d fb .U...b........}.
0040 - 76 a9 67 fe 27 4d 4a c5-d9 a6 04 b4 4a 2f 93 24 v.g.'MJ.....J/.$
0050 - 4f 79 f0 26 7a b3 f6 81-3f 5b a4 57 b6 cc 2c 4c Oy.&z...?[.W..,L
0060 - 9c cb 61 af cf 06 3e ec-61 7e 38 78 16 73 8c b9 ..a...>.a~8x.s..
0070 - 6d 57 03 1d 80 f6 69 c6-e8 36 ac 3c 84 cd e0 a2 mW....i..6.<....
0080 - 14 c5 36 7d 84 6f ab 1e-53 fe f6 3f f1 65 a9 eb ..6}.o..S..?.e..
0090 - b6 6f 27 dc a1 e7 18 cf-55 cd 22 15 5b 5a 48 f7 .o'.....U.".[ZH.
Start Time: 1456854975
Timeout : 300 (sec)
Verify return code: 0 (ok)
—
DONE
```
In my work this morning reducing load on the Apache servers which host maven.jenkins-ci.org I introduced this redirect. Previously we were using mod_proxy to send binaries from repo.jenkins-ci.org through the Apache servers (derp!).
You've correctly linked
INFRA-109. We've got an outstanding ticket with JFrog support to address this, I'll see if I can unblock some stuff here