Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32980

Make it easier to use JNLP slaves with self-signed TLS certificates on Jenkins

    XMLWordPrintable

Details

    Description

      Add a new CLI option that allows specifying any additional TLS certificates to trust when discovering ports via JNLP

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/hudson/remoting/Engine.java
          src/main/java/hudson/remoting/jnlp/Main.java
          http://jenkins-ci.org/commit/remoting/efaea8e3ef9ceed56d596f515482cb8dfe95161c
          Log:
          [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 PEM encoded certificates to trust when performing JNLP port discovery on the supplied Jenkins URLs

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/remoting/Engine.java src/main/java/hudson/remoting/jnlp/Main.java http://jenkins-ci.org/commit/remoting/efaea8e3ef9ceed56d596f515482cb8dfe95161c Log: [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 PEM encoded certificates to trust when performing JNLP port discovery on the supplied Jenkins URLs
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/hudson/remoting/Engine.java
          src/main/java/hudson/remoting/jnlp/Main.java
          http://jenkins-ci.org/commit/remoting/818e58b158648e42e1260cfd0de228c1bff18446
          Log:
          [FIXED JENKINS-32980] Address code review comments

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/remoting/Engine.java src/main/java/hudson/remoting/jnlp/Main.java http://jenkins-ci.org/commit/remoting/818e58b158648e42e1260cfd0de228c1bff18446 Log: [FIXED JENKINS-32980] Address code review comments
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/hudson/remoting/Engine.java
          src/main/java/hudson/remoting/jnlp/Main.java
          http://jenkins-ci.org/commit/remoting/93c42ab4370b06f6d8b205e9a0a2c359f3d65708
          Log:
          Merge pull request #72 from jenkinsci/jenkins-32980

          [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 certs

          Compare: https://github.com/jenkinsci/remoting/compare/7a50b43850b1...93c42ab4370b

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/hudson/remoting/Engine.java src/main/java/hudson/remoting/jnlp/Main.java http://jenkins-ci.org/commit/remoting/93c42ab4370b06f6d8b205e9a0a2c359f3d65708 Log: Merge pull request #72 from jenkinsci/jenkins-32980 [FIXED JENKINS-32980] Adds a new CLI option to specify additional X.509 certs Compare: https://github.com/jenkinsci/remoting/compare/7a50b43850b1...93c42ab4370b
          jrogers Jonathan Rogers added a comment - - edited

          How is one supposed to use this? I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error:
          "----END CERTIFICATE----" is not a valid option

          This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate. I tried supplying both the CA cert and the server's cert. After all this failed, I added the CA cert to the Java key store and everything worked without the -cert option.

          jrogers Jonathan Rogers added a comment - - edited How is one supposed to use this? I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error: "---- END CERTIFICATE ----" is not a valid option This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate. I tried supplying both the CA cert and the server's cert. After all this failed, I added the CA cert to the Java key store and everything worked without the -cert option.
          jrogers Jonathan Rogers added a comment -

          This does not work as described.
           

          I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error:
          "----END CERTIFICATE----" is not a valid option

          This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate.

          jrogers Jonathan Rogers added a comment - This does not work as described.   I tried "-cert" with "@" and a file name containing a PEM-encoded certificate and received an error: "---- END CERTIFICATE ----" is not a valid option This seems to indicate a parsing problem. I also tried pasting the entire PEM-encoded certificate on the command line inside single quotes. I saw no errors related to the -cert option, but got the usual complaint about failing to validate the server's certificate.
          splatteredbits Aaron Jensen added a comment -

          This doesn't work for me, either. It's unclear from the docs what I'm supposed to pass. The public key? Private key? (I've tried both.) Path to a file?

          splatteredbits Aaron Jensen added a comment - This doesn't work for me, either. It's unclear from the docs what I'm supposed to pass. The public key? Private key? (I've tried both.) Path to a file?
          stephenconnolly Stephen Connolly added a comment -

          Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA

          stephenconnolly Stephen Connolly added a comment - Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA

          People

            Unassigned Unassigned
            stephenconnolly Stephen Connolly
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated: