Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47950

0.28.1 update breaks GHE auth - javax.net.ssl.SSLHandshakeException

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Component/s: github-oauth-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.73.3,
      GitHub Authentication plugin from 0.27 to 0.28.1,
      IBM Java 1.8.0 (see below)
    • Similar Issues:

      Description

      This happens consistently when I upgrade from 0.27 to 0.28.1. I've tried clearing out the Global Security section and starting again, and it doesn't make a difference. Going back to the previous github-oauth.jpi and restarting fixes the problem immediately.

      I'm using Matrix based security, four groups with different access levels.

      I think the key lines from the stack trace are:

      Also: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        Caused: org.kohsuke.github.HttpException: Server returned HTTP response code: -1, message: 'null' for URL: https://github.<mycompany>.com/api/v3/user
      

      Java version

      $ /opt/ibm/java-x86_64-80/jre/bin/java -version
      java version "1.8.0"
      Java(TM) SE Runtime Environment (build pxa6480sr1-20150417_01(SR1))
      IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20150410_243669 (JIT enabled, AOT enabled)
      J9VM - R28_Java8_SR1_20150410_1531_B243669
      JIT  - tr.r14.java_20150402_88976.03
      GC   - R28_Java8_SR1_20150410_1531_B243669_CMPRSS
      J9CL - 20150410_243669)
      JCL - 20150413_01 based on Oracle jdk8u45-b13 
      

       

      Stack trace:

      Also:   javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
      javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
          at com.ibm.jsse2.j.a(j.java:37)
          at com.ibm.jsse2.j.a(j.java:7)
          at com.ibm.jsse2.as.b(as.java:75)
          at com.ibm.jsse2.as.a(as.java:829)
          at com.ibm.jsse2.as.i(as.java:822)
          at com.ibm.jsse2.as.a(as.java:392)
          at com.ibm.jsse2.as.startHandshake(as.java:507)
          at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
          at com.squareup.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
          at com.squareup.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
          at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
          at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
          at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
          at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
          at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
          at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:450)
          at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:399)
          at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:527)
          at com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:105)
          at com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:25)
          at org.kohsuke.github.Requester.parse(Requester.java:602)
      Caused: org.kohsuke.github.HttpException: Server returned HTTP response code: -1, message: 'null' for URL: https://github.<mycompany>.com/api/v3/user
          at org.kohsuke.github.Requester.parse(Requester.java:633)
          at org.kohsuke.github.Requester.parse(Requester.java:594)
          at org.kohsuke.github.Requester._to(Requester.java:272)
          at org.kohsuke.github.Requester.to(Requester.java:234)
          at org.kohsuke.github.GitHub.getMyself(GitHub.java:384)
          at org.kohsuke.github.GitHub.<init>(GitHub.java:158)
          at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:207)
          at org.jenkinsci.plugins.GithubAuthenticationToken.getGitHub(GithubAuthenticationToken.java:211)
          at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:126)
          at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:374)
          at java.lang.invoke.VirtualHandle.invokeExact_thunkArchetype_L(VirtualHandle.java:122)
          at java.lang.invoke.AsTypeHandle.invokeExact_thunkArchetype_X(AsTypeHandle.java:34)
          at java.lang.invoke.InvokeGenericHandle.invokeExact_thunkArchetype_X(InvokeGenericHandle.java:71)
          at java.lang.invoke.SpreadHandle.invokeExact_thunkArchetype_X(SpreadHandle.java:77)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:538)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
          at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:209)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
          at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
          at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
          at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
          at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:232)
          at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:209)
          at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
          at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:113)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:138)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:92)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.Server.handle(Server.java:564)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
          at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
          at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
          at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
          at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
          at java.lang.Thread.run(Thread.java:785)
      

        Attachments

          Activity

          Hide
          sag47 Sam Gleske added a comment -

          I can't confirm this issue since I don't have GitHub Enterprise. How did you set up your java trust store for Jenkins handshaking with GitHub Enterprise?

          Show
          sag47 Sam Gleske added a comment - I can't confirm this issue since I don't have GitHub Enterprise. How did you set up your java trust store for Jenkins handshaking with GitHub Enterprise?
          Hide
          sag47 Sam Gleske added a comment -

          I'm not able to reproduce this.  Since this hasn't been updated and no additional users have commented their experience related to this issue, I'm closing.

          Please feel free to reopen and add more information if you feel closing is an error.

          Show
          sag47 Sam Gleske added a comment - I'm not able to reproduce this.  Since this hasn't been updated and no additional users have commented their experience related to this issue, I'm closing. Please feel free to reopen and add more information if you feel closing is an error.
          Hide
          gibfahn Gibson Fahnestock added a comment -

          >How did you set up your java trust store for Jenkins handshaking with GitHub Enterprise?

           

          I don't understand the question, I didn't do anything to set up the GHE auth except what's documented in the plugin page.

           

          >Please feel free to reopen and add more information if you feel closing is an error.

           

          Sorry for not updating this, I'm not sure what other information to provide. Our Jenkins is on an internal network, and it (pre-update) has no issues connecting to Github Enterprise. These are our settings (dangerous bits removed). Maybe it's because we're using an IBM Java version.

           

          Show
          gibfahn Gibson Fahnestock added a comment - >How did you set up your java trust store for Jenkins handshaking with GitHub Enterprise?   I don't understand the question, I didn't do anything to set up the GHE auth except what's documented in the plugin page.   >Please feel free to reopen and add more information if you feel closing is an error.   Sorry for not updating this, I'm not sure what other information to provide. Our Jenkins is on an internal network, and it (pre-update) has no issues connecting to Github Enterprise. These are our settings (dangerous bits removed). Maybe it's because we're using an IBM Java version.  
          Hide
          gibfahn Gibson Fahnestock added a comment -

          I have now reproduced with OpenJDK 8

           

          openjdk version "1.8.0_161"
          OpenJDK Runtime Environment (build 1.8.0_161-b14)
          OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)

           

          so I think this is an actual issue with this update.

          Show
          gibfahn Gibson Fahnestock added a comment - I have now reproduced with OpenJDK 8   openjdk version "1.8.0_161" OpenJDK Runtime Environment (build 1.8.0_161-b14) OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)   so I think this is an actual issue with this update.
          Hide
          sag47 Sam Gleske added a comment -

          This is an SSL certificates issue and not something specific to the GitHub OAuth plugin. I have SSL in my own production setups of Jenkins. I'm not able to reproduce this issue myself.

          Show
          sag47 Sam Gleske added a comment - This is an SSL certificates issue and not something specific to the GitHub OAuth plugin. I have SSL in my own production setups of Jenkins. I'm not able to reproduce this issue myself.
          Hide
          sag47 Sam Gleske added a comment -

          I'm not able to reproduce the issue. If you can, provide exact steps to reproduce from scratch so that I can help determine if there's an issue in the plugin.

          Show
          sag47 Sam Gleske added a comment - I'm not able to reproduce the issue. If you can, provide exact steps to reproduce from scratch so that I can help determine if there's an issue in the plugin.

            People

            Assignee:
            sag47 Sam Gleske
            Reporter:
            gibfahn Gibson Fahnestock
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: