Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47625

Swarm client 3.6: disableSslVerification has no effect

    Details

    • Similar Issues:
    • Released As:
      Swarm Plugin Client 3.13

      Description

      When starting swarm-client 3.6 with the option -disableSslVerification and using an invalid SSL certificate, the swarm client fails to start.

      To reproduce: The Jenkins master is running locally as a Docker container. To get the https frontend, an nginx container with an SSL certificate listens to port 443 and proxies traffic to the Jenkins master. With swarm-client 3.4, I can start the agent with

      java -jar swarm-client-3.4.jar \
      -disableClientsUniqueId \
      -name agent-3.4 \
      -disableSslVerification \
      -master https://localhost
      

      With swarm-client 3.6 I get

      javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != </*.netent.com/netent.com/*.netent.com>
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:339)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:275)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:258)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:115)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:156)
      at shaded.org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:714)
      at shaded.org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1368)
      at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:394)
      at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:178)
      at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:404)
      at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:330)
      at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:224)
      at hudson.plugins.swarm.Client.run(Client.java:139)
      at hudson.plugins.swarm.Client.main(Client.java:112)
      

      Swarm client 3.6 works fine without the disableSslVerification option, or with the option when using a valid certificate.

       

      Incidentally, I noticed that swarm-client 3.4 was built with Java 8 but 3.6 was built with Java 7. Don't know if that is relevant.

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          That's why I asked to ping me.
          Sorry, I receive more requests than I can handle so some things get missed.

          Show
          oleg_nenashev Oleg Nenashev added a comment - That's why I asked to ping me. Sorry, I receive more requests than I can handle so some things get missed.
          Hide
          jl68 Jonas Lindström added a comment -

          No problem Oleg Nenashev.  

          Show
          jl68 Jonas Lindström added a comment - No problem Oleg Nenashev .  
          Hide
          rompic Roman Pickl added a comment -

          I ran into the same issue with 3.8 today, but it seems to work with 3.13

          Show
          rompic Roman Pickl added a comment - I ran into the same issue with 3.8 today, but it seems to work with 3.13
          Hide
          jl68 Jonas Lindström added a comment -

          Thank you for the heads-up Roman Pickl. 3.13 seems to work for me too.

          Show
          jl68 Jonas Lindström added a comment - Thank you for the heads-up Roman Pickl . 3.13 seems to work for me too.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Let's assume it was fixed there somehow.

          Show
          oleg_nenashev Oleg Nenashev added a comment - Let's assume it was fixed there somehow.

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              jl68 Jonas Lindström
            • Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: