Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51124

Trust Server Certificate not honoured for build failure messages

    Details

    • Similar Issues:

      Description

      I've configured rocketchat notifier with the option "Trust Server Certificate" set, and the test connection works, giving the message
      "you're all set on [domain]" in my rocket chat channel.
      I've configured the rocketchat plugin for the build in question and checked to be notified on all event types, however no message is received and in the logs there is the message:
      "Could not send rocket message"

      I updated the relevant log message to include the actual error, and reloaded the plugin which now gives:

      Build completed. Checking for rocket notifiers
      May 04, 2018 9:00:14 AM INFO jenkins.plugins.rocketchatnotifier.ActiveNotifier completed
      Could not send rocket message: Please check if the server API domain:2015/api/v1/login is correct: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      It appears that the test is not checking for a certificate, but to actually send a message it still is.

        Attachments

          Activity

          Hide
          mreinhardt Martin Reinhardt added a comment -

          Fixed in 1.3.1

          Show
          mreinhardt Martin Reinhardt added a comment - Fixed in 1.3.1
          Hide
          metaun Konstantin Titor added a comment -

          mark hardwick how do you updated the relevant log message to include the actual error ? Because at the moment I have the same error "Could not send rocket message"  in jenkins log without additional information. 
          PLugin version 1.3.2

          Show
          metaun Konstantin Titor added a comment - mark hardwick how do you updated the relevant log message to include the actual error ? Because at the moment I have the same error "Could not send rocket message"  in jenkins log without additional information.  PLugin version 1.3.2
          Hide
          metaun Konstantin Titor added a comment -

          I've reopened this issue because I have the same error with the latest version  of Jenkins and Rocket.Chat plugin

          Show
          metaun Konstantin Titor added a comment - I've reopened this issue because I have the same error with the latest version  of Jenkins and Rocket.Chat plugin
          Hide
          gaebl Gaël Barbier added a comment - - edited

          We have the same issue in 1.4.1.
          With an HTTPS instance of Rocket Chat with a self-signed certificate and with username/password auth (not webhook token).
          "Test Connection" is fine with "Trust Server Certificate" checked.
          But with the build notifier fails.

          Build completed. Checking for rocket notifiers
          janv. 28, 2019 2:49:44 PM INFOS jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl
          Creating new instance for rocket https://rocket****** (trustSSL: false)
          janv. 28, 2019 2:49:44 PM GRAVE jenkins.plugins.rocketchatnotifier.RocketClientWebhookImpl publish
          I/O error error during publishing message sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) Caused: sun.security.validator.ValidatorException: PKIX path building failed at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) Caused: javax.net.ssl.SSLHandshakeException at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:138) Caused: com.mashape.unirest.http.exceptions.UnirestException at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:143) at com.mashape.unirest.request.BaseRequest.asString(BaseRequest.java:56) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildGetCall(RocketChatClientCallBuilder.java:148) Caused: jenkins.plugins.rocketchatnotifier.rocket.errorhandling.RocketClientException at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildGetCall(RocketChatClientCallBuilder.java:150) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildCall(RocketChatClientCallBuilder.java:126) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildCall(RocketChatClientCallBuilder.java:111) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.getInfo(RocketChatClientImpl.java:101) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.sendSingleMessage(RocketChatClientImpl.java:151) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.send(RocketChatClientImpl.java:130) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.send(RocketChatClientImpl.java:123) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.send(RocketChatClientImpl.java:117) at jenkins.plugins.rocketchatnotifier.RocketClientWebhookImpl.publish(RocketClientWebhookImpl.java:37) at jenkins.plugins.rocketchatnotifier.ActiveNotifier.completed(ActiveNotifier.java:114) at jenkins.plugins.rocketchatnotifier.RocketChatNotifier.perform(RocketChatNotifier.java:367) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:736) at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:682) at hudson.model.Build$BuildExecution.post2(Build.java:186) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:627) at hudson.model.Run.execute(Run.java:1762) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:421)

          Show
          gaebl Gaël Barbier added a comment - - edited We have the same issue in 1.4.1. With an HTTPS instance of Rocket Chat with a self-signed certificate and with username/password auth (not webhook token). "Test Connection" is fine with "Trust Server Certificate" checked. But with the build notifier fails. Build completed. Checking for rocket notifiers janv. 28, 2019 2:49:44 PM INFOS jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl Creating new instance for rocket https://rocket****** (trustSSL: false) janv. 28, 2019 2:49:44 PM GRAVE jenkins.plugins.rocketchatnotifier.RocketClientWebhookImpl publish I/O error error during publishing message sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) Caused: sun.security.validator.ValidatorException: PKIX path building failed at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) Caused: javax.net.ssl.SSLHandshakeException at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:138) Caused: com.mashape.unirest.http.exceptions.UnirestException at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:143) at com.mashape.unirest.request.BaseRequest.asString(BaseRequest.java:56) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildGetCall(RocketChatClientCallBuilder.java:148) Caused: jenkins.plugins.rocketchatnotifier.rocket.errorhandling.RocketClientException at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildGetCall(RocketChatClientCallBuilder.java:150) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildCall(RocketChatClientCallBuilder.java:126) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildCall(RocketChatClientCallBuilder.java:111) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.getInfo(RocketChatClientImpl.java:101) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.sendSingleMessage(RocketChatClientImpl.java:151) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.send(RocketChatClientImpl.java:130) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.send(RocketChatClientImpl.java:123) at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.send(RocketChatClientImpl.java:117) at jenkins.plugins.rocketchatnotifier.RocketClientWebhookImpl.publish(RocketClientWebhookImpl.java:37) at jenkins.plugins.rocketchatnotifier.ActiveNotifier.completed(ActiveNotifier.java:114) at jenkins.plugins.rocketchatnotifier.RocketChatNotifier.perform(RocketChatNotifier.java:367) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:736) at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:682) at hudson.model.Build$BuildExecution.post2(Build.java:186) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:627) at hudson.model.Run.execute(Run.java:1762) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:421)
          Hide
          mreinhardt Martin Reinhardt added a comment -

          and the logs says you have trustSSL disabled so any self-signed cert will not get through

          Show
          mreinhardt Martin Reinhardt added a comment - and the logs says you have trustSSL disabled so any self-signed cert will not get through

            People

            • Assignee:
              mreinhardt Martin Reinhardt
              Reporter:
              mark_hardwick mark hardwick
            • Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: