[JENKINS-61596] http client in jenkins swarm badly verifies hostname in SSL certificate

    • Bug
    • Resolution: Fixed
    • Major
    • swarm-plugin
    • Jenkins ver. 2.204.5
      swarm 3.18
    • 3.19

      javax.net.ssl.SSLPeerUnverifiedException: Certificate for <jenkins.xx.yy> doesn't match any of the subject alternative names: [jenkins.xx.yy, other_name.xx.yy]
              at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
              at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
              at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
              at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
              at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
              at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
              at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
              at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
              at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
              at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
              at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
              at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
              at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142)
              at hudson.plugins.swarm.Client.run(Client.java:150)
              at hudson.plugins.swarm.Client.main(Client.java:128)
      

      The fix seems to be available in httpclient 4.5.12 https://downloads.apache.org/httpcomponents/httpclient/RELEASE_NOTES-4.5.x.txt

       

      The bug surfaced when I updated the agent machine last week and it pulled the new plugin.

       

      Curl verifies the certificate fine, as do browsers.
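
A triage check for the exception above, added here as an example and not part of the original report or the swarm-plugin code: it parses the message, matches the requested host against the listed SANs with RFC 6125-style rules (DNS names only), and flags the case seen here, where the host is in the list yet was rejected. The function names and the sample line are constructed for this example.

```python
import re

# Constructed sample: the exception message text quoted in this report.
SAMPLE = ("javax.net.ssl.SSLPeerUnverifiedException: Certificate for <jenkins.xx.yy> "
          "doesn't match any of the subject alternative names: "
          "[jenkins.xx.yy, other_name.xx.yy]")

MSG_RE = re.compile(r"Certificate for <([^>]+)> doesn't match any of the "
                    r"subject alternative names: \[([^\]]*)\]")

def parse_mismatch(line):
    """Return (host, [sans]) from an SSLPeerUnverifiedException message, or None."""
    m = MSG_RE.search(line)
    if not m:
        return None
    sans = [s.strip() for s in m.group(2).split(",") if s.strip()]
    return m.group(1), sans

def san_matches(host, san):
    """RFC 6125-style DNS-ID match: case-insensitive; a wildcard is accepted
    only as the whole left-most label and covers exactly one label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        h, s = host.split("."), san.split(".")
        # Require at least three labels so "*.tld" never matches.
        return len(h) == len(s) and len(h) > 2 and bool(h[0]) and h[1:] == s[1:]
    return host == san

def triage(line):
    """Classify a hostname-mismatch log line.
    'verifier-suspect': the host matches a listed SAN, so the certificate is
    fine and the client-side verifier is what rejected it (the case here).
    'cert-mismatch': no listed SAN covers the host; the rejection is correct.
    """
    parsed = parse_mismatch(line)
    if parsed is None:
        return "not-a-mismatch"
    host, sans = parsed
    hit = any(san_matches(host, s) for s in sans)
    return "verifier-suspect" if hit else "cert-mismatch"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `verifier-suspect` result points at the HTTP client library version on the agent rather than at the certificate, so the response is to upgrade the client, not to relax or disable hostname verification.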


          Szymon S added a comment -

          I see httpclient 4.5.12 is already pulled in https://github.com/jenkinsci/swarm-plugin/commit/bd01dc3ae4918bfa77730ad05745232f665a7e96

          How soon do you plan a new release?


          Basil Crow added a comment -

          This seems to be fixed by jenkinsci/swarm-plugin#190.


          Basil Crow added a comment -

          Released in 3.19. Can you please confirm that this release addresses the problem? Thank you!

