Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22675

Jenkins GIT Plugin unable to access repository using HTTPS with self-signed certificate

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When trying to configure a new job and setting GIT repository Jenkins always fails regardless of the configuration when using HTTPS with credentials.

      Here is the error message

      Failed to connect to repository : handshake alert: unrecognized_name

      Local git install has configured

      git config --global http.sslVerify false

        Attachments

          Issue Links

            Activity

            Hide
            torstens Torsten Schlabach added a comment -

            @Mark Waite:

            Thanks a lot for explaining why there is a connection from Java to the repository even if not JGit but the native git client is configured in Jenkins. This is pretty counter intuitive unless it gets explained.

            But couldn't we achieve the same (i.e. find out if a password prompt would block the call) by making a call to curl?

            My reasoning is that

            a) AFAIK git uses curl, so if curl will work, git will at least not fail because of required but not supplied credentials
            b) If the system administrator has made sure that native git will be able to connect to the repository (for example by providing HTTP/S proxy credentials in an environment variable) it will work for curl as well

            Show
            torstens Torsten Schlabach added a comment - @Mark Waite: Thanks a lot for explaining why there is a connection from Java to the repository even if not JGit but the native git client is configured in Jenkins. This is pretty counter intuitive unless it gets explained. But couldn't we achieve the same (i.e. find out if a password prompt would block the call) by making a call to curl? My reasoning is that a) AFAIK git uses curl, so if curl will work, git will at least not fail because of required but not supplied credentials b) If the system administrator has made sure that native git will be able to connect to the repository (for example by providing HTTP/S proxy credentials in an environment variable) it will work for curl as well
            Hide
            markewaite Mark Waite added a comment -

            If git uses curl, then switching to use curl to guess if command line git would block may avoid these self-signed certificate cases.

            I'd love to see a pull request with that change proposed, including a set of automated tests to verify it is working correctly.

            Currently, I'm working to create automated tests of some relatively simple authenticated access paths (https, ssh, github, bitbucket, local server, etc.). My tests won't check for a self-signed certificate initially, since I don't have a self-signed certificate installed on any of the git servers I use for testing.

            Show
            markewaite Mark Waite added a comment - If git uses curl, then switching to use curl to guess if command line git would block may avoid these self-signed certificate cases. I'd love to see a pull request with that change proposed, including a set of automated tests to verify it is working correctly. Currently, I'm working to create automated tests of some relatively simple authenticated access paths (https, ssh, github, bitbucket, local server, etc.). My tests won't check for a self-signed certificate initially, since I don't have a self-signed certificate installed on any of the git servers I use for testing.
            Hide
            jcolton Jim Colton added a comment - - edited

            The access is working for me if I select to have Jenkins use JGit in the "Configure System" section, use the ssh protocol when specifying the git repo (git@gitHost/repo) and also using ssh keys so that ssh works without asking for password.

            Show
            jcolton Jim Colton added a comment - - edited The access is working for me if I select to have Jenkins use JGit in the "Configure System" section, use the ssh protocol when specifying the git repo (git@gitHost/repo) and also using ssh keys so that ssh works without asking for password.
            Hide
            markewaite Mark Waite added a comment -

            The call to checkCredentials() has been removed in git-client-plugin from 1.13.1 and beyond. Would you be willing to test a pre-release of git-client-plugin 1.13.1 for this case?

            Show
            markewaite Mark Waite added a comment - The call to checkCredentials() has been removed in git-client-plugin from 1.13.1 and beyond. Would you be willing to test a pre-release of git-client-plugin 1.13.1 for this case?
            Hide
            markewaite Mark Waite added a comment -

            The git-client-plugin 1.14.0 release is now available and has removed the call to JGit checkCredentials when using command line git.

            Show
            markewaite Mark Waite added a comment - The git-client-plugin 1.14.0 release is now available and has removed the call to JGit checkCredentials when using command line git.

              People

              • Assignee:
                ndeloof Nicolas De Loof
                Reporter:
                josemp jose porcel
              • Votes:
                2 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: