[JENKINS-44727] Not ignoring javax.net.ssl.SSLHandshakeException(java.security.cert.CertificateException: Certificates does not conform to algorithm constraints)

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: http-request-plugin
Labels:
None
Environment:
Jenkins 2.59
http-request-plugin: latest(1.8.19)
Running on Java 8 Node

Similar Issues:
Powered by SuggestiMate

Show

When we tried sending a request to one of the https servers got the following exception:

Wanted to ignore errors instead of setting up certificates and all. Please help. Thanks.

def response = httpRequest contentType: 'APPLICATION_JSON', ignoreSslErrors:true, httpMode: 'POST', requestBody: body, url: "https://abc.northamerica.net:443/"
echo response.toString()

Error:

java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
Caused: javax.net.ssl.SSLHandshakeException

Environment: Jenkins 2.59 http-request-plugin: latest(1.8.19)

Naresh Rayapati added a comment - 2017-06-06 15:48

Here is the full exception, just in case;

java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
Caused: javax.net.ssl.SSLHandshakeException
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at jenkins.plugins.http_request.util.HttpClientUtil.execute(HttpClientUtil.java:129)
	at jenkins.plugins.http_request.HttpRequestExecution.executeRequest(HttpRequestExecution.java:278)
	at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:220)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:187)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61)
	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
	at hudson.remoting.Request$2.run(Request.java:336)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
Caused: java.lang.IllegalStateException
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:190)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61)
	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
	at hudson.remoting.Request$2.run(Request.java:336)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
	at ......remote call to mock-agent-4531(Native Method)
	at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1545)
	at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
	at hudson.remoting.Channel.call(Channel.java:830)
	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:279)
	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:263)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
	at hudson.security.ACL.impersonate(ACL.java:260)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

Naresh Rayapati added a comment - 2017-06-06 15:48 Here is the full exception, just in case; java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) Caused: javax.net.ssl.SSLHandshakeException at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at jenkins.plugins.http_request.util.HttpClientUtil.execute(HttpClientUtil.java:129) at jenkins.plugins.http_request.HttpRequestExecution.executeRequest(HttpRequestExecution.java:278) at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:220) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:187) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61) at hudson.remoting.UserRequest.perform(UserRequest.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:50) at hudson.remoting.Request$2.run(Request.java:336) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) Caused: java.lang.IllegalStateException at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:190) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61) at hudson.remoting.UserRequest.perform(UserRequest.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:50) at hudson.remoting.Request$2.run(Request.java:336) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) at ......remote call to mock-agent-4531(Native Method) at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1545) at hudson.remoting.UserResponse.retrieve(UserRequest.java:253) at hudson.remoting.Channel.call(Channel.java:830) at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:279) at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:263) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47) at hudson.security.ACL.impersonate(ACL.java:260) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745)

Naresh Rayapati added a comment - 2017-06-07 02:29 - edited

I have issued a pull request with this change: https://github.com/jenkinsci/http-request-plugin/pull/26

CC janario

Naresh Rayapati added a comment - 2017-06-07 02:29 - edited I have issued a pull request with this change: https://github.com/jenkinsci/http-request-plugin/pull/26 CC janario

SCM/JIRA link daemon added a comment - 2017-06-09 21:11

Code changed in jenkins
User: Naresh Rayapati
Path:
src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java
http://jenkins-ci.org/commit/http-request-plugin/6d110135d5d6a01f007af87f1f0d9fb25373f526
Log:
~~JENKINS-44727~~ Ignore SSL checks for Java 8

SCM/JIRA link daemon added a comment - 2017-06-09 21:11 Code changed in jenkins User: Naresh Rayapati Path: src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java http://jenkins-ci.org/commit/http-request-plugin/6d110135d5d6a01f007af87f1f0d9fb25373f526 Log: JENKINS-44727 Ignore SSL checks for Java 8

Naresh Rayapati added a comment - 2017-08-26 00:53

We are currently using this plugin and the functionality is working.

Naresh Rayapati added a comment - 2017-08-26 00:53 We are currently using this plugin and the functionality is working.

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Naresh Rayapati added a comment - 2017-06-06 15:48

Expand comment: Naresh Rayapati added a comment - 2017-06-06 15:48

Collapse comment: Naresh Rayapati added a comment - 2017-06-07 02:29, Edited by Naresh Rayapati - 2017-06-08 02:03

Expand comment: Naresh Rayapati added a comment - 2017-06-07 02:29, Edited by Naresh Rayapati - 2017-06-08 02:03

Collapse comment: SCM/JIRA link daemon added a comment - 2017-06-09 21:11

Expand comment: SCM/JIRA link daemon added a comment - 2017-06-09 21:11

Collapse comment: Naresh Rayapati added a comment - 2017-08-26 00:53

Expand comment: Naresh Rayapati added a comment - 2017-08-26 00:53

People

Dates