
Swarm client 3.6: disableSslVerification has no effect

    • Bug
    • Resolution: Fixed
    • Minor
    • swarm-plugin
    • Jenkins Swarm client 3.6
      Jenkins 2.73.2 on Docker (jenkins/jenkins:lts)
      openjdk version "1.8.0_131"
      Ubuntu 16.04.3
    • Swarm Plugin Client 3.13

      When starting swarm-client 3.6 with the option -disableSslVerification and using an invalid SSL certificate, the swarm client fails to start.

      To reproduce: The Jenkins master is running locally as a Docker container. To get the https frontend, an nginx container with an SSL certificate listens to port 443 and proxies traffic to the Jenkins master. With swarm-client 3.4, I can start the agent with

      java -jar swarm-client-3.4.jar \
      -disableClientsUniqueId \
      -name agent-3.4 \
      -disableSslVerification \
      -master https://localhost
      

      With swarm-client 3.6 I get

      javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != </*.netent.com/netent.com/*.netent.com>
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:339)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:275)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:258)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:115)
      at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:156)
      at shaded.org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:714)
      at shaded.org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1368)
      at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:394)
      at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:178)
      at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:404)
      at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:330)
      at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:224)
      at hudson.plugins.swarm.Client.run(Client.java:139)
      at hudson.plugins.swarm.Client.main(Client.java:112)
      

      Swarm client 3.6 works fine without the disableSslVerification option, or with the option when using a valid certificate.

       

      Incidentally, I noticed that swarm-client 3.4 was built with Java 8 but 3.6 was built with Java 7. Don't know if that is relevant.
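
The stack trace above fails in `verifyHostName`, the hostname check, rather than in certificate-chain validation. The following triage of such log lines is an added example, not part of the original report or of the Swarm code base; the `/`-separated name format is assumed from the single message quoted above, and the PKIX line is a constructed sample for contrast.

```python
import re

# First line: the exception message quoted in the report.
# Second line: a constructed trust-chain failure, for contrast.
SAMPLE_LOG = """\
javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != </*.netent.com/netent.com/*.netent.com>
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
"""

MISMATCH = re.compile(r"hostname in certificate didn't match: <([^>]*)> != <([^>]*)>")


def name_matches(host, pattern):
    """Left-most-label wildcard match: '*.example.com' covers exactly one extra label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, tail = host.partition(".")
    return bool(head) and tail == pattern[2:]


def triage(line):
    """Classify one TLS error line by the check that rejected the connection."""
    m = MISMATCH.search(line)
    if m:
        host = m.group(1)
        # Assumption: certificate names are '/'-separated, as in the message on this page.
        names = sorted({n for n in m.group(2).split("/") if n})
        return {
            "check": "hostname-verification",
            "host": host,
            "cert_names": names,
            "would_match": any(name_matches(host, n) for n in names),
        }
    if "PKIX path building failed" in line:
        return {"check": "trust-chain"}
    return None


def triage_log(text):
    """Return one finding per recognised TLS error line, in log order."""
    return [r for r in map(triage, text.splitlines()) if r]
```

A `hostname-verification` finding means the name in the `-master` URL is not among the names the certificate carries, which is a separate condition from an untrusted issuer.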

          [JENKINS-47625] Swarm client 3.6: disableSslVerification has no effect

          Oleg Nenashev added a comment -

          It does. I will try to check it in early Dec, please ping me after Dec 11 if there is no uldayes


          Oleg Nenashev added a comment -

          Upd: updates


          Sergii Kipot added a comment -

          I have the same issue with the following environment:
          Jenkins Swarm client 3.11
          Jenkins 2.107.1
          openjdk version "1.8.0_162"
          Debian stretch


          Jonas Lindström added a comment - edited

          oleg_nenashev Still unfixed with client 3.12.


          Oleg Nenashev added a comment -

          That's why I asked to ping me.
          Sorry, I receive more requests than I can handle so some things get missed.


          Jonas Lindström added a comment -

          No problem oleg_nenashev.

          Roman Pickl added a comment -

          I ran into the same issue with 3.8 today, but it seems to work with 3.13


          Jonas Lindström added a comment -

          Thank you for the heads-up rompic. 3.13 seems to work for me too.

          Oleg Nenashev added a comment -

          Let's assume it was fixed there somehow.


          Alex Gray added a comment -

          Weird. It's failing for me for all versions. I tried all the way up to version 3.19.
          Maybe it's the version of java that I'm using to launch the jar file?
          I'll keep digging, but that is the exact error that I get when I use the disableSslVerification option.


            oleg_nenashev Oleg Nenashev
            jl68 Jonas Lindström