-
Bug
-
Resolution: Fixed
-
Minor
-
Jenkins Swarm client 3.6
Jenkins 2.73.2 on Docker (jenkins/jenkins:lts)
openjdk version "1.8.0_131"
Ubuntu 16.04.3
-
-
Swarm Plugin Client 3.13
When starting swarm-client 3.6 with the option -disableSslVerification and using an invalid SSL certificate, the swarm client fails to start.
To reproduce: The Jenkins master is running locally as a Docker container. To get the https frontend, an nginx container with an SSL certificate listens to port 443 and proxies traffic to the Jenkins master. With swarm-client 3.4, I can start the agent with
java -jar swarm-client-3.4.jar \
-disableClientsUniqueId \
-name agent-3.4 \
-disableSslVerification \
-master https://localhost
With swarm-client 3.6 I get
javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != </*.netent.com/netent.com/*.netent.com> at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:339) at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:275) at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:258) at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:115) at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:156) at shaded.org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:714) at shaded.org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1368) at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:394) at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:178) at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:404) at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:330) at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:224) at hudson.plugins.swarm.Client.run(Client.java:139) at hudson.plugins.swarm.Client.main(Client.java:112)
Swarm client 3.6 works fine without the disableSslVerification option, or with the option when using a valid certificate.
Incidentally, I noticed that swarm-client 3.4 was built with Java 8 but 3.6 was built with Java 7. Don't know if that is relevant.
[JENKINS-47625] Swarm client 3.6: disableSslVerification has no effect
Jonas Lindström
created issue -
Jonas Lindström
made changes -
| Environment |
Original:
Jenkins Swarm client 3.6 Jenkins 2.73.2 on Docker (jenkins/jenkins:lts) Ubuntu 16.04.3 |
New:
Jenkins Swarm client 3.6 Jenkins 2.73.2 on Docker (jenkins/jenkins:lts) openjdk version "1.8.0_131" Ubuntu 16.04.3 |
It does. I will try to check it in early Dsc, please ping me after Dec11 if there is no uldayes
| Assignee | Original: Kohsuke Kawaguchi [ kohsuke ] | New: Oleg Nenashev [ oleg_nenashev ] |
Sergii Kipot
added a comment - I have the same issue with the following environment:
Jenkins Swarm client 3.11
Jenkins 2.107.1
openjdk version "1.8.0_162"
Debian stretch
Sergii Kipot
added a comment - I have the same issue with the following environment:
Jenkins Swarm client 3.11
Jenkins 2.107.1
openjdk version "1.8.0_162"
Debian stretch That's why I asked to ping me.
Sorry, I receive more requests than I can handle so some things get missed.
| Labels | Original: regression | New: newbie-friendly regression remoting |
I'm also seeing this issue, and it appears that it also affects version 3.5.
The only change between 3.4 and 3.5 was "[SECURITY-597] - Pick the patched version of commons-http-client for SECURITY-555", so I guess it might have been introduced here in this fork for the fix:
https://github.com/jenkinsci/lib-commons-httpclient/
oleg_nenashev Does that sound plausible?