-
Bug
-
Resolution: Unresolved
-
Minor
-
None
Using jenkins-cli with public key authentication.
jenkins-cli -s http://localhost:8080 help
works.
Using jenkins-cli with public key authentication.
jenkins-cli -s https://jenkins.example.com help
fails with a 403.
Exception in thread "main" java.io.IOException: Server returned HTTP response code: 403 for URL: https://jenkins.example.com/cli
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1403)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:61)
at hudson.cli.CLI.<init>(CLI.java:110)
at hudson.cli.CLI.<init>(CLI.java:82)
at hudson.cli.CLI._main(CLI.java:250)
at hudson.cli.CLI.main(CLI.java:199)
Apache configuration is a simple vhost with ProxyPass/ProxyPassReverse at the root.
- relates to
-
JENKINS-41745 Remoting-free CLI
-
- Resolved
-
Apparently this might be related to SNI (or the lack thereof) on the client side.
Since this host has multiple SSL vhosts with the same IP, the following config setting was added:
SSLStrictSNIVHostCheck on
... which causes non-SNI clients to be rejected (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslstrictsnivhostcheck)
Changing it to:
SSLStrictSNIVHostCheck off
... gets rid of the 403. However the client instead will hang.
Seems similar to JENKINS-11560 and
JENKINS-16345, though the SNI problem could be considered a separate issue.