Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48511

Active Directory seems to always trust any certificate

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      Jenkins 2.93 on RHEL5 x86_64, JDK 1.8.0_152, Active Directory plugin 2.6
    • Similar Issues:

      Description

      Even though configuration is set up to trust certificates from JDK trustStore, logging shows that actual socket factory used is TrustAllSocketFactory, which does not fail on unknown (custom) DC certificate:

      Dec 12, 2017 1:49:17 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      
      Attempting to resolve _gc._tcp.<site>._sites.<domain> to SRV record
      
      Dec 12, 2017 1:49:17 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      
      Attempting to resolve _ldap._tcp.<site>._sites.<domain> to SRV record
      
      Dec 12, 2017 1:49:17 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      
      SRV record found: 0 100 389 <dc>.<domain>.
      
      Dec 12, 2017 1:49:17 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      
      _ldap._tcp.<site>._sites.<domain> resolved to [<dc>.<domain>:389]
      
      Dec 12, 2017 1:49:17 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      
      Connecting to ldap://<dc>.<domain>:389/
      
      Dec 12, 2017 1:49:17 PM FINE hudson.plugins.active_directory.TrustAllSocketFactory
      
      Got the certificate: [[
      <boring output>
      ]]
      Dec 12, 2017 1:49:17 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      
      Connection upgraded to TLS
      

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              fbelzunc FĂ©lix Belzunce Arcos
              Reporter:
              raspy Krzysztof Malinowski
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: