Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44727

Not ignoring javax.net.ssl.SSLHandshakeException(java.security.cert.CertificateException: Certificates does not conform to algorithm constraints)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: http-request-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.59
      http-request-plugin: latest(1.8.19)
      Running on Java 8 Node
    • Similar Issues:

      Description

      When we tried sending a request to one of the https servers got the following exception:

      Wanted to ignore errors instead of setting up certificates and all. Please help. Thanks. 

      def response = httpRequest contentType: 'APPLICATION_JSON', ignoreSslErrors:true, httpMode: 'POST', requestBody: body, url: "https://abc.northamerica.net:443/"
      echo response.toString()
      

      Error:

      java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
      Caused: javax.net.ssl.SSLHandshakeException
      

      Environment: Jenkins 2.59 http-request-plugin: latest(1.8.19)

        Attachments

          Activity

          nrayapati Naresh Rayapati created issue -
          Hide
          nrayapati Naresh Rayapati added a comment -

          Here is the full exception, just in case; 

          java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
          	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
          	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
          	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
          	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
          Caused: javax.net.ssl.SSLHandshakeException
          	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
          	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
          	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
          	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
          	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
          	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
          	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
          	at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
          	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
          	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
          	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
          	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
          	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
          	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
          	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
          	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
          	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
          	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
          	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
          	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
          	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
          	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
          	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
          	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
          	at jenkins.plugins.http_request.util.HttpClientUtil.execute(HttpClientUtil.java:129)
          	at jenkins.plugins.http_request.HttpRequestExecution.executeRequest(HttpRequestExecution.java:278)
          	at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:220)
          	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:187)
          	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61)
          	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
          	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
          	at hudson.remoting.Request$2.run(Request.java:336)
          	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
          Caused: java.lang.IllegalStateException
          	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:190)
          	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61)
          	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
          	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
          	at hudson.remoting.Request$2.run(Request.java:336)
          	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
          	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          	at java.lang.Thread.run(Thread.java:745)
          	at ......remote call to mock-agent-4531(Native Method)
          	at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1545)
          	at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
          	at hudson.remoting.Channel.call(Channel.java:830)
          	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:279)
          	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:263)
          	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
          	at hudson.security.ACL.impersonate(ACL.java:260)
          	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
          	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
          	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          	at java.lang.Thread.run(Thread.java:745)
          
          Show
          nrayapati Naresh Rayapati added a comment - Here is the full exception, just in case;  java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) Caused: javax.net.ssl.SSLHandshakeException at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at jenkins.plugins.http_request.util.HttpClientUtil.execute(HttpClientUtil.java:129) at jenkins.plugins.http_request.HttpRequestExecution.executeRequest(HttpRequestExecution.java:278) at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:220) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:187) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61) at hudson.remoting.UserRequest.perform(UserRequest.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:50) at hudson.remoting.Request$2.run(Request.java:336) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) Caused: java.lang.IllegalStateException at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:190) at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:61) at hudson.remoting.UserRequest.perform(UserRequest.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:50) at hudson.remoting.Request$2.run(Request.java:336) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) at ......remote call to mock-agent-4531(Native Method) at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1545) at hudson.remoting.UserResponse.retrieve(UserRequest.java:253) at hudson.remoting.Channel.call(Channel.java:830) at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:279) at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:263) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47) at hudson.security.ACL.impersonate(ACL.java:260) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745)
          nrayapati Naresh Rayapati made changes -
          Field Original Value New Value
          Description When we tried sending a request to one of the https servers got the following exception:

          Wanted to ignore errors instead of setting up certificates and all. Please help. Thanks. 
          {code:java}
          def response = httpRequest contentType: 'APPLICATION_JSON', ignoreSslErrors:true, httpMode: 'POST', requestBody: body, url: "https://abc.northamerica.net:443/"
          echo response.toString()
          {code}
          Error:
          {code:java}
          java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
          at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
          Caused: javax.net.ssl.SSLHandshakeException
          {code}
          When we tried sending a request to one of the https servers got the following exception:

          Wanted to ignore errors instead of setting up certificates and all. Please help. Thanks. 
          {code:java}
          def response = httpRequest contentType: 'APPLICATION_JSON', ignoreSslErrors:true, httpMode: 'POST', requestBody: body, url: "https://abc.northamerica.net:443/"
          echo response.toString()
          {code}
          Error:
          {code:java}
          java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1117)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1043)
          at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
          at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
          Caused: javax.net.ssl.SSLHandshakeException
          {code}

          Environment: Jenkins 2.59 http-request-plugin: latest(1.8.19)
          nrayapati Naresh Rayapati made changes -
          Environment Jenkins 2.59
          http-request-plugin: latest(1.8.19)
          Running on Java 8 Node
          Hide
          nrayapati Naresh Rayapati added a comment - - edited

          I have issued a pull request with this change: https://github.com/jenkinsci/http-request-plugin/pull/26

          CC Janario Oliveira

          Show
          nrayapati Naresh Rayapati added a comment - - edited I have issued a pull request with this change: https://github.com/jenkinsci/http-request-plugin/pull/26 CC Janario Oliveira
          nrayapati Naresh Rayapati made changes -
          Assignee Janario Oliveira [ janario ] Naresh Rayapati [ nrayapati ]
          nrayapati Naresh Rayapati made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          nrayapati Naresh Rayapati made changes -
          Status In Progress [ 3 ] In Review [ 10005 ]
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Naresh Rayapati
          Path:
          src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java
          http://jenkins-ci.org/commit/http-request-plugin/6d110135d5d6a01f007af87f1f0d9fb25373f526
          Log:
          JENKINS-44727 Ignore SSL checks for Java 8

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Naresh Rayapati Path: src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java http://jenkins-ci.org/commit/http-request-plugin/6d110135d5d6a01f007af87f1f0d9fb25373f526 Log: JENKINS-44727 Ignore SSL checks for Java 8
          janario Janario Oliveira made changes -
          Resolution Fixed [ 1 ]
          Status In Review [ 10005 ] Resolved [ 5 ]
          Hide
          nrayapati Naresh Rayapati added a comment -

          We are currently using this plugin and the functionality is working.

          Show
          nrayapati Naresh Rayapati added a comment - We are currently using this plugin and the functionality is working.
          nrayapati Naresh Rayapati made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            Assignee:
            nrayapati Naresh Rayapati
            Reporter:
            nrayapati Naresh Rayapati
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: