Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47625

Swarm client 3.6: disableSslVerification has no effect

    Details

    • Similar Issues:
    • Released As:
      Swarm Plugin Client 3.13

      Description

      When starting swarm-client 3.6 with the option -disableSslVerification and using an invalid SSL certificate, the swarm client fails to start.

      To reproduce: The Jenkins master is running locally as a Docker container. To get the https frontend, an nginx container with an SSL certificate listens to port 443 and proxies traffic to the Jenkins master. With swarm-client 3.4, I can start the agent with

      java -jar swarm-client-3.4.jar \
      -disableClientsUniqueId \
      -name agent-3.4 \
      -disableSslVerification \
      -master https://localhost
      

      With swarm-client 3.6 I get

      javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != </*.netent.com/netent.com/*.netent.com>
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:339)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:275)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:258)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:115)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:156)
      at shaded.org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:714)
      at shaded.org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1368)
      at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:394)
      at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:178)
      at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:404)
      at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:330)
      at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:224)
      at hudson.plugins.swarm.Client.run(Client.java:139)
      at hudson.plugins.swarm.Client.main(Client.java:112)
      

      Swarm client 3.6 works fine without the disableSslVerification option, or with the option when using a valid certificate.

       

      Incidentally, I noticed that swarm-client 3.4 was built with Java 8 but 3.6 was built with Java 7. Don't know if that is relevant.

        Attachments

          Activity

          Hide
          jl68 Jonas Lindström added a comment -

          No problem Oleg Nenashev.  

          Show
          jl68 Jonas Lindström added a comment - No problem Oleg Nenashev .  
          Hide
          rompic Roman Pickl added a comment -

          I ran into the same issue with 3.8 today, but it seems to work with 3.13

          Show
          rompic Roman Pickl added a comment - I ran into the same issue with 3.8 today, but it seems to work with 3.13
          Hide
          jl68 Jonas Lindström added a comment -

          Thank you for the heads-up Roman Pickl. 3.13 seems to work for me too.

          Show
          jl68 Jonas Lindström added a comment - Thank you for the heads-up Roman Pickl . 3.13 seems to work for me too.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Let's assume it was fixed there somehow.

          Show
          oleg_nenashev Oleg Nenashev added a comment - Let's assume it was fixed there somehow.
          Hide
          grayaii Alex Gray added a comment -

          weird. It's failing for me for all versions. I tried all the way up to version 3.19.
          Maybe it the version of java that I'm using to launch the jar file?
          I'll keep digging, but that is the exact error that I get when use the disableSslVerification option.

          Show
          grayaii Alex Gray added a comment - weird. It's failing for me for all versions. I tried all the way up to version 3.19. Maybe it the version of java that I'm using to launch the jar file? I'll keep digging, but that is the exact error that I get when use the disableSslVerification option.

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              jl68 Jonas Lindström
            • Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: