Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32980

Make it easier to use JNLP slaves with self-signed TLS certificates on Jenkins

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Add a new CLI option that allows specifying any additional TLS certificates to trust when discovering ports via JNLP

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/hudson/remoting/Engine.java
          src/main/java/hudson/remoting/jnlp/Main.java
          http://jenkins-ci.org/commit/remoting/efaea8e3ef9ceed56d596f515482cb8dfe95161c
          Log:
          [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 PEM encoded certificates to trust when performing JNLP port discovery on the supplied Jenkins URLs

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/remoting/Engine.java src/main/java/hudson/remoting/jnlp/Main.java http://jenkins-ci.org/commit/remoting/efaea8e3ef9ceed56d596f515482cb8dfe95161c Log: [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 PEM encoded certificates to trust when performing JNLP port discovery on the supplied Jenkins URLs
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/hudson/remoting/Engine.java
          src/main/java/hudson/remoting/jnlp/Main.java
          http://jenkins-ci.org/commit/remoting/818e58b158648e42e1260cfd0de228c1bff18446
          Log:
          [FIXED JENKINS-32980] Address code review comments

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/remoting/Engine.java src/main/java/hudson/remoting/jnlp/Main.java http://jenkins-ci.org/commit/remoting/818e58b158648e42e1260cfd0de228c1bff18446 Log: [FIXED JENKINS-32980] Address code review comments
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/hudson/remoting/Engine.java
          src/main/java/hudson/remoting/jnlp/Main.java
          http://jenkins-ci.org/commit/remoting/93c42ab4370b06f6d8b205e9a0a2c359f3d65708
          Log:
          Merge pull request #72 from jenkinsci/jenkins-32980

          [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 certs

          Compare: https://github.com/jenkinsci/remoting/compare/7a50b43850b1...93c42ab4370b

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/hudson/remoting/Engine.java src/main/java/hudson/remoting/jnlp/Main.java http://jenkins-ci.org/commit/remoting/93c42ab4370b06f6d8b205e9a0a2c359f3d65708 Log: Merge pull request #72 from jenkinsci/jenkins-32980 [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 certs Compare: https://github.com/jenkinsci/remoting/compare/7a50b43850b1...93c42ab4370b
          Hide
          jrogers Jonathan Rogers added a comment - - edited

          How is one supposed to use this? I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error:
          "----END CERTIFICATE----" is not a valid option

          This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate. I tried supplying both the CA cert and the server's cert. After all this failed, I added the CA cert to the Java key store and everything worked without the -cert option.

          Show
          jrogers Jonathan Rogers added a comment - - edited How is one supposed to use this? I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error: "---- END CERTIFICATE ----" is not a valid option This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate. I tried supplying both the CA cert and the server's cert. After all this failed, I added the CA cert to the Java key store and everything worked without the -cert option.
          Hide
          jrogers Jonathan Rogers added a comment -

          This does not work as described.
           

          I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error:
          "----END CERTIFICATE----" is not a valid option

          This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate.

          Show
          jrogers Jonathan Rogers added a comment - This does not work as described.   I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error: "---- END CERTIFICATE ----" is not a valid option This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate.
          Hide
          splatteredbits Aaron Jensen added a comment -

          This doesn't work for me, either. It's unclear from the docs what I'm supposed to pass. The public key? Private key? (I've tried both.) Path to a file?

          Show
          splatteredbits Aaron Jensen added a comment - This doesn't work for me, either. It's unclear from the docs what I'm supposed to pass. The public key? Private key? (I've tried both.) Path to a file?

            People

            • Assignee:
              stephenconnolly Stephen Connolly
              Reporter:
              stephenconnolly Stephen Connolly
            • Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: