Jenkins / JENKINS-23310

Code signing certificate of winp.dll has expired

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Not A Defect
    • Component/s: core

      Description

      We cannot download the jenkins.war through our HTTP proxy any more.

      Here is the error message:

      Grund der Blockierung: certificate has expired (depth = 0), revocation status unresolvable (depth = 0), revocation status unresolvable (depth = 1), revocation status unresolvable (depth = 2), revocation status unresolvable (depth = 3)
      Verletzung der Sicherheitsnorm in Datei: http://jenkins.mirror.isppower.de/war/1.566/jenkins.war/WEB-INF/lib/winp-1.19.jar/winp.dll

      Sorry for the German language parts, but I think the issue becomes clear.

          Activity

          oleg_nenashev Oleg Nenashev added a comment -

          Kohsuke is an owner of the WinP library project

          danielbeck Daniel Beck added a comment -

          Reducing priority: Download of jenkins.war is hardly a production-breaking issue; and a workaround is available in downloading not through the proxy. All issues here are imposed by your own organization.

          danielbeck Daniel Beck added a comment -

          New Winp release was integrated for 1.569 (JENKINS-23410). Maybe the cert issue has been fixed.

          torstens Torsten Schlabach added a comment - - edited

          Yes, it has been fixed in the sense that we can indeed download 1.569 now. Though we will not be able to download 1.569 at some remote future point in time, after the new code signing certificate has expired again.

          BUT I learn from http://portableapps.com/node/24236 (the last remark by John T. Haller dated July 14, 2010 at 10:41am in that thread) that the fault isn't with the Jenkins / Winp developers at all but with the people who implemented / configured the certificate checks on our content inspection HTTP proxy server.

          After reading, it sounds quite logical to me that a code signing certificate needs to be valid at the point in time the code is signed, not at the point in time I want to download or execute the code. Unless the certificate had been revoked in the meanwhile, but that doesn't seem to be the case here.

          So in other words, you didn't actually fix it, neither by chance nor on purpose; it's just luck that when I tried to download 1.569 yesterday I was still within the time window of validity of your code signing certificate, even though that time window shouldn't matter at all for my download.

          HTH
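
The distinction drawn in the last comment, as an added example that is not part of the issue thread or of the Jenkins / WinP code: a simplified model comparing an expiry check made at download time with one that judges the certificate at signing time. It assumes the signing time is known from a trusted timestamp on the signature; the class, the function names and all dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass
class Signature:
    not_before: datetime            # start of the signing certificate's validity
    not_after: datetime             # end of the signing certificate's validity
    timestamp: Optional[datetime]   # trusted timestamp of signing, None if absent
    revoked_at: Optional[datetime]  # revocation date, None if not revoked


def valid_at_download(sig, now):
    """Expiry judged against the download time, as the proxy message suggests."""
    return sig.not_before <= now <= sig.not_after


def valid_at_signing(sig, now):
    """Expiry and revocation judged against the time the code was signed."""
    # Without a trusted timestamp the signing time is unknown: fall back to now.
    when = sig.timestamp if sig.timestamp is not None else now
    if not (sig.not_before <= when <= sig.not_after):
        return False
    # Only a revocation effective at or before signing invalidates the signature.
    return sig.revoked_at is None or sig.revoked_at > when


# Constructed sample data; none of these dates come from winp.dll.
SAMPLES = {
    "timestamped, cert since expired": Signature(utc(2012, 1, 1), utc(2014, 1, 1), utc(2013, 6, 1), None),
    "no timestamp, cert since expired": Signature(utc(2012, 1, 1), utc(2014, 1, 1), None, None),
    "revoked before signing": Signature(utc(2012, 1, 1), utc(2016, 1, 1), utc(2013, 6, 1), utc(2013, 1, 1)),
}


def compare(now):
    """Return {case: (valid_at_download, valid_at_signing)} for every sample."""
    return {name: (valid_at_download(s, now), valid_at_signing(s, now)) for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in compare(utc(2014, 6, 1)).items():
        print(f"{name}: download-time={result[0]} signing-time={result[1]}")
```

The first sample is the situation the thread describes: a download-time check rejects the file once the certificate has expired, while a signing-time check keeps accepting it.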


            People

            Assignee:
            kohsuke Kohsuke Kawaguchi
            Reporter:
            torstens Torsten Schlabach