Details
-
Type:
New Feature
-
Status: Reopened (View Workflow)
-
Priority:
Minor
-
Resolution: Unresolved
-
Component/s: remoting
-
Labels:
-
Similar Issues:
Description
Add a new CLI option that allows specifying any additional TLS certificates to trust when discovering ports via JNLP
Attachments
Activity
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/hudson/remoting/Engine.java
src/main/java/hudson/remoting/jnlp/Main.java
http://jenkins-ci.org/commit/remoting/818e58b158648e42e1260cfd0de228c1bff18446
Log:
[FIXED JENKINS-32980] Address code review comments
Code changed in jenkins
User: Oleg Nenashev
Path:
src/main/java/hudson/remoting/Engine.java
src/main/java/hudson/remoting/jnlp/Main.java
http://jenkins-ci.org/commit/remoting/93c42ab4370b06f6d8b205e9a0a2c359f3d65708
Log:
Merge pull request #72 from jenkinsci/jenkins-32980
[FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 certs
Compare: https://github.com/jenkinsci/remoting/compare/7a50b43850b1...93c42ab4370b
How is one supposed to use this? I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error:
"----END CERTIFICATE----" is not a valid option
This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate. I tried supplying both the CA cert and the server's cert. After all this failed, I added the CA cert to the Java key store and everything worked without the -cert option.
This does not work as described.
I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error:
"----END CERTIFICATE----" is not a valid option
This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate.
This doesn't work for me, either. It's unclear from the docs what I'm supposed to pass. The public key? Private key? (I've tried both.) Path to a file?
Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/hudson/remoting/Engine.java
src/main/java/hudson/remoting/jnlp/Main.java
http://jenkins-ci.org/commit/remoting/efaea8e3ef9ceed56d596f515482cb8dfe95161c
Log:
[FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 PEM encoded certificates to trust when performing JNLP port discovery on the supplied Jenkins URLs