Improvement
Resolution: Unresolved
Minor
None
RHEL-3.10.0-957.el7.x86_64, JRE 1.8.0_161-b12, jira-PlugIn 3.0.6, jira-steps-plugin 1.4.5, Jenkins 2.174, Jira 7.9.2
Hi Naresh,
I've tried for several hours to get started with the jira-step plugin and the internal IT infrastructure of my company. It has a self-signed root certificate, and the Jira server has a normal one signed with it, as shown below:
. |–LEVEL 2–Jenkins
ROOT - |
. |–LEVEL 2--Jira
First I had the "unable to find valid certification path" error for all Jira plugins. After importing the server certificate and its root certificates into the keystore and referencing them in /etc/sysconfig/jenkins, this error disappeared.
Now the jira-step plugin has another error: "hostname <domain> not validated". The other Jira plugin can connect to Jira, and I could write comments into several tickets.
I've also imported the certificates into the /etc/ssl/ca-bundle.crt store, and openssl can connect successfully to the server. I downloaded the certificate directly via openssl from the Jira server and included it again in the keystore.
I see that the Jira SSL certificate does not have a subject alternative name (SAN) field defined. Maybe this is the problem here.
If so, it would be very helpful to introduce an option for disabling or lowering SSL checks, at least for testing purposes.
I really want to use Jira-Step to trigger my jobs on a time basis. A webhook would be an option, but it is not allowed by IT security at the moment. This is another story.
Thanks for any help.
Greetings
Lars
—
With -Djavax.net.debug=ssl
I see that the TLS handshake has been done, but then the session is terminated:
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
[...]
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
public x coord:
public y coord:
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
CONNECTION KEYGEN:
Client Nonce:
Server Nonce:
Master Secret:
Client MAC write Secret:
Server MAC write Secret:
Client write key:
Server write key:
... no IV derived for this protocol
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: 16, 138, 146, 230, 210, 212, 227, 185, 142, 41, 116, 130
***
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, WRITE: TLSv1.2 Handshake, length = 64
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, READ: TLSv1.2 Change Cipher Spec, length = 1
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, READ: TLSv1.2 Handshake, length = 64
*** Finished
verify_data: 233, 215, 106, 1, 227, 137, 121, 230, 229, 100, 135, 127
***
%% Cached client session: [Session-391, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, called close()
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, called closeInternal(true)
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, SEND TLSv1.2 ALERT: warning, description = close_notify
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, WRITE: TLSv1.2 Alert, length = 48
Handling POST /descriptorByName/org.thoughtslive.jenkins.plugins.jira.Site/validateBasic from 10.270.58.12 : qtp992136656-386, called closeSocket(true)
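Added example (not part of the original report and not the plugin's code): hostname verification is a separate step from chain validation, so a handshake can complete as in the log above and the client can still close the connection. The sketch assumes a client that accepts only SAN entries; the certificate dicts follow the shape of Python's `ssl.SSLSocket.getpeercert()`, and all hostnames are constructed.

```python
import ipaddress

def _dns_match(pattern, host):
    """RFC 6125 style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_hostname(cert, host):
    """Return (ok, reason) for a getpeercert()-style dict, using SAN entries only."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals must match an IP SAN; DNS names are never used for them.
        ok = any(ipaddress.ip_address(v) == ip for t, v in sans if t == "IP Address")
        return (ok, "IP SAN match" if ok else "no matching IP SAN")
    names = [v for t, v in sans if t == "DNS"]
    if any(_dns_match(n, host) for n in names):
        return (True, "DNS SAN match")
    if not names:
        # Diagnose the case from the report: the name is present only in the subject CN.
        cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
        if any(_dns_match(cn, host) for cn in cns):
            return (False, "CN matches but certificate has no DNS SAN")
        return (False, "no DNS SAN")
    return (False, "no matching DNS SAN")

# Constructed sample certificates (hypothetical internal names).
CN_ONLY = {"subject": ((("commonName", "jira.example.internal"),),)}
WITH_SAN = {
    "subject": ((("commonName", "jira.example.internal"),),),
    "subjectAltName": (("DNS", "jira.example.internal"),
                       ("DNS", "*.ci.example.internal")),
}

if __name__ == "__main__":
    for cert in (CN_ONLY, WITH_SAN):
        print(check_hostname(cert, "jira.example.internal"))
```

Reissuing the server certificate with a DNS SAN for the name Jenkins connects to moves it from the first result to the second without weakening any check.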