Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44727

Not ignoring javax.net.ssl.SSLHandshakeException(java.security.cert.CertificateException: Certificates does not conform to algorithm constraints)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • http-request-plugin
    • None
    • Jenkins 2.59
      http-request-plugin: latest(1.8.19)
      Running on Java 8 Node

      When we tried sending a request to one of the https servers got the following exception:

      Wanted to ignore errors instead of setting up certificates and all. Please help. Thanks. 

      def response = httpRequest contentType: 'APPLICATION_JSON', ignoreSslErrors:true, httpMode: 'POST', requestBody: body, url: "https://abc.northamerica.net:443/"
echo response.toString()

      Error:

      java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
Caused: javax.net.ssl.SSLHandshakeException

      Environment: Jenkins 2.59 http-request-plugin: latest(1.8.19)

          [JENKINS-44727] Not ignoring javax.net.ssl.SSLHandshakeException(java.security.cert.CertificateException: Certificates does not conform to algorithm constraints)

          Naresh Rayapati created issue -

          Naresh Rayapati added a comment -

          Here is the full exception, just in case; 

          java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
Caused: javax.net.ssl.SSLHandshakeException
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at jenkins.plugins.http_request.util.HttpClientUtil.execute(HttpClientUtil.java:129)
	at jenkins.plugins.http_request.HttpRequestExecution.executeRequest(HttpRequestExecution.java:278)
	at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:220)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:187)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61)
	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
	at hudson.remoting.Request$2.run(Request.java:336)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
Caused: java.lang.IllegalStateException
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:190)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61)
	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
	at hudson.remoting.Request$2.run(Request.java:336)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
	at ......remote call to mock-agent-4531(Native Method)
	at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1545)
	at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
	at hudson.remoting.Channel.call(Channel.java:830)
	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:279)
	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:263)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
	at hudson.security.ACL.impersonate(ACL.java:260)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

          Naresh Rayapati added a comment - Here is the full exception, just in case;  java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) Caused: javax.net.ssl.SSLHandshakeException at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at jenkins.plugins.http_request.util.HttpClientUtil.execute(HttpClientUtil.java:129) at jenkins.plugins.http_request.HttpRequestExecution.executeRequest(HttpRequestExecution.java:278) at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:220) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:187) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61) at hudson.remoting.UserRequest.perform(UserRequest.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:50) at hudson.remoting.Request$2.run(Request.java:336) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) Caused: java.lang.IllegalStateException at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:190) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61) at hudson.remoting.UserRequest.perform(UserRequest.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:50) at hudson.remoting.Request$2.run(Request.java:336) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) at ......remote call to mock-agent-4531(Native Method) at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1545) at hudson.remoting.UserResponse.retrieve(UserRequest.java:253) at hudson.remoting.Channel.call(Channel.java:830) at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:279) at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:263) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47) at hudson.security.ACL.impersonate(ACL.java:260) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745)
          Naresh Rayapati made changes -
          Description Original: When we tried sending a request to one of the https servers got the following exception:

          Wanted to ignore errors instead of setting up certificates and all. Please help. Thanks. 
          {code:java}
          def response = httpRequest contentType: 'APPLICATION_JSON', ignoreSslErrors:true, httpMode: 'POST', requestBody: body, url: "https://abc.northamerica.net:443/"
          echo response.toString()
          {code}
          Error:
          {code:java}
          java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
          at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
          Caused: javax.net.ssl.SSLHandshakeException
          {code}           		New: When we tried sending a request to one of the https servers got the following exception:

          Wanted to ignore errors instead of setting up certificates and all. Please help. Thanks. 
          {code:java}
          def response = httpRequest contentType: 'APPLICATION_JSON', ignoreSslErrors:true, httpMode: 'POST', requestBody: body, url: "https://abc.northamerica.net:443/"
          echo response.toString()
          {code}
          Error:
          {code:java}
          java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
          at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
          Caused: javax.net.ssl.SSLHandshakeException
          {code}

          Environment: Jenkins 2.59 http-request-plugin: latest(1.8.19)
          Naresh Rayapati made changes -
          Environment New: Jenkins 2.59
          http-request-plugin: latest(1.8.19)
          Running on Java 8 Node

          Naresh Rayapati added a comment - - edited

          I have issued a pull request with this change: https://github.com/jenkinsci/http-request-plugin/pull/26

          CC janario

          Naresh Rayapati added a comment - - edited I have issued a pull request with this change: https://github.com/jenkinsci/http-request-plugin/pull/26 CC janario
          Naresh Rayapati made changes -
          Assignee Original: Janario Oliveira [ janario ] New: Naresh Rayapati [ nrayapati ]
          Naresh Rayapati made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Naresh Rayapati made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Naresh Rayapati
          Path:
          src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java
          http://jenkins-ci.org/commit/http-request-plugin/6d110135d5d6a01f007af87f1f0d9fb25373f526
          Log:
          JENKINS-44727 Ignore SSL checks for Java 8

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Naresh Rayapati Path: src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java http://jenkins-ci.org/commit/http-request-plugin/6d110135d5d6a01f007af87f1f0d9fb25373f526 Log: JENKINS-44727 Ignore SSL checks for Java 8
          Janario Oliveira made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]

            nrayapati Naresh Rayapati
            nrayapati Naresh Rayapati
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: