Azure DevOps Extension Not Respecting Ignore SSL Errors Option

[mason-mcglothlin]

Octopus Deploy Integration extension: v3.0.222 TFS 2018 Version (not Azure DevOps): 16.131.28601.4 Build Agent: Windows Server 2012 R2, 6.3.9600

I added a Push Package(s) to Octopus step to our release template. I used an Octopus Deploy Server defined with the "Ignore SSL Errors" checkbox checked. When I trigger the release and check the logs, I see this is the command line being used:

C:\Windows\system32\cmd.exe /D /S /C "C:\agent_work_tool\Octo\6.8.2\x64\Octo.cmd push "--server=OMITTED" "--apiKey=****" "--space=hps" "--package=OctopusDemoApp/OctopusDemoApp.ConsoleApp/OctopusDemoApp-ConsoleApp.0.1.0-14843.zip" "--package=OctopusDemoApp/OctopusDemoApp.WebApp/OctopusDemoApp-WebApp.0.1.0-14843.zip""

If I download the command line tools and inspect the help info, I see there is a --ignoreSslErrors flag. The TFS extension is failing to pass this flag, and I believe this to be a bug with the TFS extension.

I was able to workaround this issue by adding our root CA to the machine's Trusted Root CA's in certmgr (which is actually the better approach than ignoring SSL errors). But if there's going to be an option to Ignore SSL Errors, it should work properly, so that confusion is avoided.

[thedewi]

Thanks very much for the report. We have a fix making its way through in #137, which is being finalized to ship soon.

Another temporary workaround is to open the "Advanced Options" group in each task configuration, and add --ignoreSslErrors to the "Additional Arguments" field.