-
Bug
-
Resolution: Fixed
-
Blocker
-
Jenkins 2.217 on CentOS 6.10
Jenkins 2.204.3 LTS on Windows Server 2012 R2
Wildcard-SSL-Certificate in Java-Keystore in PKCS12 format
Jenkins 2.204.3 LTS on Ubuntu 18.04.4 LTS
-
-
2.218 2.204.4
With 2.217 Jenkins no longer accepts the supplied keystore which worked flawlessly with all former versions.
It complains about "multiple certificates" even if there is only one stored in the keystore.
Re-creating the keystore doesn't change a thing.
Here's the log output:
2020-01-24 09:59:56.255+0000 [id=1] SEVERE winstone.Logger#logInternal: Container startup failed java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275) at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320) at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.server.Server.doStart(Server.java:385) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at winstone.Launcher.<init>(Launcher.java:188) Caused: java.io.IOException: Failed to start Jetty at winstone.Launcher.<init>(Launcher.java:190) at winstone.Launcher.main(Launcher.java:359) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at Main._main(Main.java:375) at Main.main(Main.java:151) 2020-01-24 09:59:56.256+0000 [id=22] WARNING o.j.h.a.Index$2$1#fetch: Failed to load hudson.model.Queue java.lang.ClassNotFoundException: hudson.model.queue.QueueSorter at java.net.URLClassLoader.findClass(URLClassLoader.java:382) at java.lang.ClassLoader.loadClass(ClassLoader.java:418) at java.lang.ClassLoader.loadClass(ClassLoader.java:351) at org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:543) at java.lang.ClassLoader.loadClass(ClassLoader.java:351) Caused: java.lang.NoClassDefFoundError: hudson/model/queue/QueueSorter at java.lang.Class.getDeclaredMethods0(Native Method) at java.lang.Class.privateGetDeclaredMethods(Class.java:2701) at java.lang.Class.getDeclaredMethods(Class.java:1975) at org.jvnet.hudson.annotation_indexer.Index$2$1.fetch(Index.java:103) at org.jvnet.hudson.annotation_indexer.Index$2$1.hasNext(Index.java:73) at org.jvnet.hudson.annotation_indexer.SubtypeIterator.fetch(SubtypeIterator.java:18) at org.jvnet.hudson.annotation_indexer.SubtypeIterator.hasNext(SubtypeIterator.java:28) at hudson.init.TaskMethodFinder.discoverTasks(TaskMethodFinder.java:56) at hudson.init.InitializerFinder.discoverTasks(InitializerFinder.java:33) at hudson.init.TaskMethodFinder.discoverTasks(TaskMethodFinder.java:32) at org.jvnet.hudson.reactor.TaskBuilder$2.discoverTasks(TaskBuilder.java:61) at org.jvnet.hudson.reactor.Reactor.<init>(Reactor.java:151) at org.jvnet.hudson.reactor.Reactor.<init>(Reactor.java:156) at jenkins.model.Jenkins$5.<init>(Jenkins.java:1127) at jenkins.model.Jenkins.executeReactor(Jenkins.java:1127) at jenkins.model.Jenkins.<init>(Jenkins.java:966) at hudson.model.Hudson.<init>(Hudson.java:85) at hudson.model.Hudson.<init>(Hudson.java:81) at hudson.WebAppMain$3.run(WebAppMain.java:233)
- duplicates
-
JENKINS-60854 Upgrade to 2.217 on Windows failed due to Jetty exception
-
- Resolved
-
- is caused by
-
JENKINS-57888 Custom log format broken by 2.177
-
- Resolved
-
-
JENKINS-60821 Check and update any Jetty code with custom threadpool
-
- Resolved
-
- is duplicated by
-
JENKINS-60854 Upgrade to 2.217 on Windows failed due to Jetty exception
-
- Resolved
-
-
JENKINS-60858 HTTPS issue after update to 2.217
-
- Closed
-
- links to
[JENKINS-60857] Wildcard certificates rejected by Winstone after Jetty update
Link |
New:
This issue is duplicated by |
Labels | Original: SSL jenkins jetty | New: SSL jetty keystore |
Link |
New:
This issue duplicates |
Priority | Original: Critical [ 2 ] | New: Blocker [ 1 ] |
Assignee | New: Jesse Glick [ jglick ] |
Hello,
we encountered a similar issue (same exception), but our keystore is in JKS format and we do not have a wildcard certificate.
My guess is that this issue is connected with the jetty update 9.4.23:
releasenotes entry: 4325 Deprecate SniX509ExtendedKeyManager constructor without SslContextFactory$Server)
Best regards,
Heiko