Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61596

http client in jenkins swarm badly verifies hostname in SSL certificate

    Details

    • Similar Issues:
    • Released As:
      3.19

      Description

      javax.net.ssl.SSLPeerUnverifiedException: Certificate for <jenkins.xx.yy> doesn't match any of the subject alternative names: [jenkins.xx.yy, other_name.xx.yy]
              at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
              at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
              at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
              at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
              at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
              at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
              at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
              at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
              at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
              at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
              at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
              at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
              at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142)
              at hudson.plugins.swarm.Client.run(Client.java:150)
              at hudson.plugins.swarm.Client.main(Client.java:128)
      

      The fix seems to be available in httpclient 4.5.12 https://downloads.apache.org/httpcomponents/httpclient/RELEASE_NOTES-4.5.x.txt

       

      The bug surfaced when I updated the agent machine last week and it pulled the new plugin.

       

      Curl verifies the certificate fine, as do browsers

        Attachments

          Issue Links

            Activity

            Hide
            sobczyk Szymon S added a comment -

            I see httpclient 4.5.12 is already pulled in https://github.com/jenkinsci/swarm-plugin/commit/bd01dc3ae4918bfa77730ad05745232f665a7e96

            How soon do you plan new release?

            Show
            sobczyk Szymon S added a comment - I see httpclient 4.5.12 is already pulled in https://github.com/jenkinsci/swarm-plugin/commit/bd01dc3ae4918bfa77730ad05745232f665a7e96 How soon do you plan new release?
            Hide
            basil Basil Crow added a comment -

            This seems to be fixed by jenkinsci/swarm-plugin#190.

            Show
            basil Basil Crow added a comment - This seems to be fixed by jenkinsci/swarm-plugin#190 .
            Hide
            basil Basil Crow added a comment -

            Released in 3.19. Can you please confirm that this release addresses the problem? Thank you!

            Show
            basil Basil Crow added a comment - Released in 3.19 . Can you please confirm that this release addresses the problem? Thank you!

              People

              • Assignee:
                basil Basil Crow
                Reporter:
                sobczyk Szymon S
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: