Jenkins / JENKINS-48905

SSL Connection to Rocket fails if Rocket host uses SNI

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Java: openjdk version "1.8.0_131"
      Jenkins: 2.101
      Jenkins Host OS: Debian Jessie (8)
      Rocket Server: 0.60.3
      RocketChat Notifier Plugin: 1.1.0

      When testing the connection, I get the exception found below. When manually trying to connect via openssl, I can reproduce the error but can also fix it.

      My assumption is that the Java SSL client doesn't send the server name information and is thus "routed" to the wrong website.

       

      Error reproduced via openssl

      root@host:~# openssl s_client -connect rocket.domain.com:443
      <snip>
      -----END CERTIFICATE-----
      subject=/C=DE/O=Company /CN=farmer.domain.com
      <snip>
      ---
      

      Error "fixed" via openssl

      root@host:~# openssl s_client -connect rocket.domain.com:443 -servername rocket.domain.com
      <snip>
      -----END CERTIFICATE-----
      subject=/OU=Domain Control Validated/OU=Company /OU=PositiveSSL/CN=rocket.doman.com
      issuer=<snip>
      ---

       

      Error Msg.

      Client error - Could not send message
      
      javax.net.ssl.SSLException: Certificate for <rocket.domain.com> doesn't match any of the subject alternative names: [farmer.domain.com, farmer]
          at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:165)
          at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
          at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:141)
          at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
          at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:580)
          at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554)
          at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
          at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
          at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
          at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
          at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
          at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
          at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
          at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
          at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
          at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
          at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:138)
      Caused: com.mashape.unirest.http.exceptions.UnirestException
          at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:143)
          at com.mashape.unirest.request.BaseRequest.asJson(BaseRequest.java:68)
          at jenkins.plugins.rocketchatnotifier.rocket.RocketChatBasicCallAuthentication.doAuthentication(RocketChatBasicCallAuthentication.java:46)
      Caused: java.io.IOException: Please check if the server API https://rocket.domain.com//api/v1/login is correct: javax.net.ssl.SSLException: Certificate for <rocket.domain.com> doesn't match any of the subject alternative names: [farmer.domain.com, farmer]
          at jenkins.plugins.rocketchatnotifier.rocket.RocketChatBasicCallAuthentication.doAuthentication(RocketChatBasicCallAuthentication.java:48)
          at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildCall(RocketChatClientCallBuilder.java:91)
          at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientCallBuilder.buildCall(RocketChatClientCallBuilder.java:81)
          at jenkins.plugins.rocketchatnotifier.rocket.RocketChatClientImpl.getChannels(RocketChatClientImpl.java:91)
          at jenkins.plugins.rocketchatnotifier.RocketClientImpl.<init>(RocketClientImpl.java:30)
          at jenkins.plugins.rocketchatnotifier.RocketChatNotifier$DescriptorImpl.doTestConnection(RocketChatNotifier.java:397)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
          at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.Server.handle(Server.java:564)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
          at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
          at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          at java.lang.Thread.run(Thread.java:748)

            mreinhardt Martin Reinhardt
            key_andi Andreas Bauer
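The two manual `openssl s_client` runs in the report can be turned into a repeatable check. The script below is an added example, not code from the issue or from the plugin: it compares the DNS names in the certificate served with and without SNI and reports whether the host is only reachable correctly when the client sends SNI. The function names are hypothetical, and the live probe assumes OpenSSL 1.1.1 or later for `-noservername` and `x509 -ext`.

```shell
#!/usr/bin/env bash
# Added example: does this endpoint serve the right certificate only with SNI?
# name_matches: 0 if hostname $1 matches certificate DNS name $2
# (case-insensitive; "*.example.com" covers exactly one left-most label).
name_matches() {
  local host pattern suffix left
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  pattern=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  if [ "$host" = "$pattern" ]; then return 0; fi
  case "$pattern" in
    \*.*) suffix=${pattern#\*}            # ".example.com"
          left=${host%"$suffix"}          # label(s) in front of the suffix
          if [ "$left" != "$host" ] && [ -n "$left" ] && [ "${left#*.}" = "$left" ]
          then return 0; fi ;;
  esac
  return 1
}

# Return 0 if hostname $1 matches any name in the space-separated SAN list $2.
host_in_sans() {
  local san rc=1
  set -f                                  # SAN entries may contain "*"
  for san in $2; do
    if name_matches "$1" "$san"; then rc=0; break; fi
  done
  set +f
  return "$rc"
}

# Classify host $1 given the SANs served without SNI ($2) and with SNI ($3).
classify_sni() {
  if host_in_sans "$1" "$2"; then echo "ok-without-sni"
  elif host_in_sans "$1" "$3"; then echo "sni-required"
  else echo "mismatch-even-with-sni"; fi
}

# Print the leaf certificate's DNS SANs for host $1, port $2; $3 is sni|nosni.
# Assumes OpenSSL 1.1.1+ (s_client -noservername, x509 -ext).
fetch_sans() {
  local host="$1" port="$2"
  if [ "$3" = sni ]; then set -- -servername "$host"; else set -- -noservername; fi
  openssl s_client -connect "$host:$port" "$@" </dev/null 2>/dev/null |
    openssl x509 -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | tr '\n' ' '
}

# Live check only when a hostname is passed: ./sni_check.sh HOST [PORT]
if [ "$#" -ge 1 ]; then
  classify_sni "$1" "$(fetch_sans "$1" "${2:-443}" nosni)" "$(fetch_sans "$1" "${2:-443}" sni)"
fi
```

A result of `sni-required` corresponds to the situation in this report: the default virtual host answers clients that omit the server name, so hostname verification fails on the client side even though the server is configured correctly.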