Jenkins / JENKINS-8132

Automatic Usage of SSL after Upgrading to 1.17


      Description

      Hudson must not use LDAPS by default - i.e. our Active Directory system does not provide
      LDAPS. My Windows admins opened the port but did not provide LDAP via SSL...

      This renders Hudson unusable - any ideas for a workaround?

      WARNUNG: Failed to bind to foobar-l02-dc01.foobar.local:3269
      javax.naming.CommunicationException: simple bind failed: foobar-l02-dc01.foobar.local:3269 [Root exception is javax.net.ssl.SSLException: java.net.SocketException: Connection reset]
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
      at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:281)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:135)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:109)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:75)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:619)
      Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1586)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1550)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1495)
      at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:86)
      at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
      at java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
      at java.io.BufferedInputStream.read(BufferedInputStream.java:317)
      at com.sun.jndi.ldap.Connection.run(Connection.java:808)
      ... 1 more
      Caused by: java.net.SocketException: Connection reset
      at java.net.SocketInputStream.read(SocketInputStream.java:168)
      at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
      at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
      at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
      ... 5 more

            Activity

            acwwat Anthony Wat added a comment -

            I've also confirmed the fix on Jenkins 1.418. It would be appreciated if you could commit the fix soon. Thanks a bunch!

            acwwat Anthony Wat added a comment -

            Can the patch be committed into the next version of the plugin?

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
            http://jenkins-ci.org/commit/active-directory-plugin/a0a130eb6ed978731e14313ba65f0be17e6253dd
            Log:
            [FIXED JENKINS-8132] Fixed a bug in TLS upgrade. Setting the socket factory kills the connection and the next time it tries to connect the client will attempt LDAPS.
            The server, expecting an LDAP (without S) connection, resets the connection, which results in "connection reset" error. All in all, it wasn't working as TLS.

            The correct way to specify the SSLSocketFactory is apparently to pass it to the negotiate method.
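
The sequence the commit log describes, as an added Java example (not the plugin's code and not the commit's diff): open a plain LDAP connection, request StartTLS, and hand the SSLSocketFactory to negotiate() instead of setting it on the context. The class name, the method name and the host in the usage comment are assumptions.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSocketFactory;

public class StartTlsBindCheck {

    /** Binds over LDAP + StartTLS; throws if the upgrade or the bind fails. */
    static void bind(String url, String principal, String password,
                     SSLSocketFactory sf) throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // plain ldap:// URL, not ldaps://
        // Pitfall from the commit log: setting the socket factory on the context
        // (property "java.naming.ldap.factory.socket") instead of passing it to
        // negotiate() kills the connection, and the reconnect attempts LDAPS.

        LdapContext ctx = new InitialLdapContext(env, null); // no credentials sent yet
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(sf); // TLS handshake on the already-open connection

            // Credentials are added only after the channel is encrypted.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(null); // explicit LDAP bind; throws on bad credentials
        } finally {
            try {
                if (tls != null) tls.close(); // shut down the TLS layer
            } finally {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java StartTlsBindCheck ldap://dc01.example.test:389 user@example.test 'password'
        bind(args[0], args[1], args[2], (SSLSocketFactory) SSLSocketFactory.getDefault());
        System.out.println("StartTLS negotiated and bind succeeded");
    }
}
```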

            kohsuke Kohsuke Kawaguchi added a comment -

            Fixed and released in 1.21.

            dogfood dogfood added a comment -

            Integrated in plugins_active-directory #39
            [FIXED JENKINS-8132] Fixed a bug in TLS upgrade. Setting the socket factory kills the connection and the next time it tries to connect the client will attempt LDAPS.

            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java

              People

              • Assignee: Unassigned
              • Reporter: scoopex Marc Schoechlin