Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47625

Swarm client 3.6: disableSslVerification has no effect

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • swarm-plugin
    • Jenkins Swarm client 3.6
      Jenkins 2.73.2 on Docker (jenkins/jenkins:lts)
      openjdk version "1.8.0_131"
      Ubuntu 16.04.3
    • Swarm Plugin Client 3.13

      When starting swarm-client 3.6 with the option -disableSslVerification and using an invalid SSL certificate, the swarm client fails to start.

      To reproduce: The Jenkins master is running locally as a Docker container. To get the https frontend, an nginx container with an SSL certificate listens to port 443 and proxies traffic to the Jenkins master. With swarm-client 3.4, I can start the agent with

      java -jar swarm-client-3.4.jar \
-disableClientsUniqueId \
-name agent-3.4 \
-disableSslVerification \
-master https://localhost

      With swarm-client 3.6 I get

      javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != </*.netent.com/netent.com/*.netent.com>
at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:339)
at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:275)
at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:258)
at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:115)
at shaded.org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:156)
at shaded.org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:714)
at shaded.org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1368)
at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:394)
at shaded.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:178)
at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:404)
at shaded.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:330)
at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:224)
at hudson.plugins.swarm.Client.run(Client.java:139)
at hudson.plugins.swarm.Client.main(Client.java:112)

      Swarm client 3.6 works fine without the disableSslVerification option, or with the option when using a valid certificate.

       

      Incidentally, I noticed that swarm-client 3.4 was built with Java 8 but 3.6 was built with Java 7. Don't know if that is relevant.

            oleg_nenashev Oleg Nenashev
            jl68 Jonas Lindström
            Votes:
            3 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: