Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31562

Remoting release process should fail if the certificate is outdated.

      I cannot run JNLP slaves from the web browser on default Java security setup. Seems remoting-2.53 has been release by ci_jenkinsci_org with the outdated certificate

          [JENKINS-31562] Remoting release process should fail if the certificate is outdated.

          Jesse Glick added a comment -

          I guess this should become an acceptance test using a `DockerFixture` with a specific JRE installation, so we could catch such problems mechanically before release.

          Jesse Glick added a comment - I guess this should become an acceptance test using a `DockerFixture` with a specific JRE installation, so we could catch such problems mechanically before release.

          Jesse Glick added a comment -

          Maybe also a unit test in `core` verifying that the certificate is good for at least six months or so.

          Jesse Glick added a comment - Maybe also a unit test in `core` verifying that the certificate is good for at least six months or so.

          Oleg Nenashev added a comment -

          +1

          Oleg Nenashev added a comment - +1

          Oleg Nenashev added a comment -

          Oleg Nenashev added a comment - Troubleshooting and "fixes": http://java.com/en/download/help/appsecuritydialogs.xml

          Daniel Beck added a comment -

          According to KK, 2.53.2 is unaffected. Leave this open for the tests, or resolve?

          Daniel Beck added a comment - According to KK, 2.53.2 is unaffected. Leave this open for the tests, or resolve?

          I think the easier way to prevent this is to make sure the build process fails if it tries to sign with an outdated certificate.

          Kohsuke Kawaguchi added a comment - I think the easier way to prevent this is to make sure the build process fails if it tries to sign with an outdated certificate.

          Hijacked this ticket accordingly.

          Kohsuke Kawaguchi added a comment - Hijacked this ticket accordingly.

          Oleg Nenashev added a comment -

          I have added certificate verification to the Remoting release profile: https://github.com/jenkinsci/remoting/pull/190.
          It does not fully close the issue though

          Oleg Nenashev added a comment - I have added certificate verification to the Remoting release profile: https://github.com/jenkinsci/remoting/pull/190 . It does not fully close the issue though

          Oleg Nenashev added a comment -

          Now Remoting has a full verification on its side in PR builders.
          Core patches would be still useful, but I do not think it's critical

          Oleg Nenashev added a comment - Now Remoting has a full verification on its side in PR builders. Core patches would be still useful, but I do not think it's critical

          Oleg Nenashev added a comment -

          Detached core side to JENKINS-49905

          Oleg Nenashev added a comment - Detached core side to JENKINS-49905

            oleg_nenashev Oleg Nenashev
            oleg_nenashev Oleg Nenashev
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: