Jenkins / JENKINS-38738

Maven plugin does not use SNI with SSL maven repos

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component/s: maven-plugin
    • Environment: Jenkins 2.7.2, Maven Integration plugin 2.13

      I have an Apache Archiva instance running behind HAProxy. HAProxy acts as an SSL wrapper for more HTTP services, each identified via its DNS name, and each with its own certificate.

      This setup requires clients to use SNI within the TLS handshake, so HAProxy can send back the proper SSL certificate. This works already for command-line Maven builds on my machine. Also curl, Firefox and even Apache Karaf are able to seamlessly communicate with my Archiva repo via HTTPS.

      The Jenkins Maven plugin seems to not send SNI during the handshake, and I infer this from the fact that HAProxy replies with the wrong SSL certificate (the one for the website www.example.com/example.com, instead of archiva.example.org), as presented in the log below.

      Parsing POMs
      Failed to transfer Could not transfer artifact org.example:example-parent:pom:4 from/to example-releases (https://archiva.example.org/repository/example-releases): hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com>
      Failed to transfer Could not find artifact org.example:example-parent:pom:4 in central (http://repo.maven.apache.org/maven2)
      ERROR: Failed to parse POMs
      org.apache.maven.project.ProjectBuildingException: Some problems were encountered while processing the POMs:
      [FATAL] Non-resolvable parent POM: Could not transfer artifact org.example:example-parent:pom:4 from/to example-releases (https://archiva.example.org/repository/example-releases): hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com> and 'parent.relativePath' points at wrong local POM @ line 5, column 13
      
      	at org.apache.maven.project.DefaultProjectBuilder.build(DefaultProjectBuilder.java:364)
      	at hudson.maven.MavenEmbedder.buildProjects(MavenEmbedder.java:361)
      	at hudson.maven.MavenEmbedder.readProjects(MavenEmbedder.java:331)
      	at hudson.maven.MavenModuleSetBuild$PomParser.invoke(MavenModuleSetBuild.java:1301)
      	at hudson.maven.MavenModuleSetBuild$PomParser.invoke(MavenModuleSetBuild.java:1098)
      	at hudson.FilePath.act(FilePath.java:1018)
      	at hudson.FilePath.act(FilePath.java:996)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.parsePoms(MavenModuleSetBuild.java:960)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.doRun(MavenModuleSetBuild.java:679)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
      	at hudson.model.Run.execute(Run.java:1741)
      	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:531)
      	at hudson.model.ResourceController.execute(ResourceController.java:98)
      	at hudson.model.Executor.run(Executor.java:410)
      

      I've tried to work around this by using a proxy repository on the build machine, but this only moved the problem to the deploy step:

      Maven RedeployPublisher use remote  maven settings from : /var/lib/jenkins/.m2/settings.xml
      [INFO] Deployment in https://archiva.example.org/repository/example-snapshots (id=example-snapshots,uniqueVersion=true)
      Deploying the main artifact my-artifact-5-SNAPSHOT.pom
      Downloading: https://archiva.example.org/repository/example-snapshots/org/example/my-artifact/5-SNAPSHOT/maven-metadata.xml
      ERROR: Failed to retrieve remote metadata org.example:my-artifact:5-SNAPSHOT/maven-metadata.xml: Could not transfer metadata org.example:my-artifact:5-SNAPSHOT/maven-metadata.xml from/to example-snapshots (https://archiva.example.org/repository/example-snapshots): hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com>
      org.apache.maven.artifact.deployer.ArtifactDeploymentException: Failed to retrieve remote metadata org.example:my-artifact:5-SNAPSHOT/maven-metadata.xml: Could not transfer metadata org.example:my-artifact:5-SNAPSHOT/maven-metadata.xml from/to example-snapshots (https://archiva.example.org/repository/example-snapshots): hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com>
      	at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:143)
      	at hudson.maven.reporters.MavenArtifactRecord.deploy(MavenArtifactRecord.java:193)
      	at hudson.maven.RedeployPublisher.perform(RedeployPublisher.java:176)
      	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:720)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1047)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:665)
      	at hudson.model.Run.execute(Run.java:1766)
      	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:531)
      	at hudson.model.ResourceController.execute(ResourceController.java:98)
      	at hudson.model.Executor.run(Executor.java:410)
      Caused by: org.eclipse.aether.deployment.DeploymentException: Failed to retrieve remote metadata org.example:my-artifact:5-SNAPSHOT/maven-metadata.xml: Could not transfer metadata org.example:my-artifact:5-SNAPSHOT/maven-metadata.xml from/to example-snapshots (https://archiva.example.org/repository/example-snapshots): hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com>
      	at org.eclipse.aether.internal.impl.DefaultDeployer.upload(DefaultDeployer.java:470)
      	at org.eclipse.aether.internal.impl.DefaultDeployer.deploy(DefaultDeployer.java:314)
      	at org.eclipse.aether.internal.impl.DefaultDeployer.deploy(DefaultDeployer.java:269)
      	at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy(DefaultRepositorySystem.java:413)
      	at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:139)
      	... 11 more
      Caused by: org.eclipse.aether.transfer.MetadataTransferException: Could not transfer metadata org.example:my-artifact:5-SNAPSHOT/maven-metadata.xml from/to example-snapshots (https://archiva.example.org/repository/example-snapshots): hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com>
      	at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$5.wrap(WagonRepositoryConnector.java:995)
      	at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$5.wrap(WagonRepositoryConnector.java:983)
      	at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$GetTask.run(WagonRepositoryConnector.java:725)
      	at org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run(RunnableErrorForwarder.java:67)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: org.apache.maven.wagon.TransferFailedException: hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com>
      	at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:892)
      	at org.apache.maven.wagon.StreamWagon.getInputStream(StreamWagon.java:116)
      	at org.apache.maven.wagon.StreamWagon.getIfNewer(StreamWagon.java:88)
      	at org.apache.maven.wagon.StreamWagon.get(StreamWagon.java:61)
      	at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$GetTask.run(WagonRepositoryConnector.java:660)
      	... 4 more
      Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <archiva.example.org> != <example.com> OR <example.com> OR <www.example.com>
      	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:227)
      	at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
      	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:147)
      	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
      	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437)
      	at org.apache.maven.wagon.shared.http4.ConfigurableSSLSocketFactoryDecorator.connectSocket(ConfigurableSSLSocketFactoryDecorator.java:64)
      	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
      	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
      	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
      	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
      	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
      	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
      	at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.execute(AbstractHttpClientWagon.java:746)
      	at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:886)
      	... 8 more
      [INFO] Deployment failed after 0.49 sec
      Build step 'Deploy artifacts to Maven repository' changed build result to FAILURE
      

      I've noticed that both Jenkins' Maven plugin and Apache Karaf 4.0.x (via pax-url) are using org.eclipse.aether to communicate with Maven repos, but only Karaf uses SNI - maybe using a newer version of org.eclipse.aether would solve this? I've tried looking at the code of the Maven plugin, but I was unable to make heads or tails of which version is used.

      Browsing the issues I noticed some Jenkins plugins were recently fixed for SNI (gitlab-oauth-plugin, artifactory plugin etc). I am not sure how come maven-plugin did not encounter this issue yet.

      How can I help to solve this issue?

            aheritier Arnaud Héritier
            cmoh Ciprian Ciubotariu