SonarSource / sonar-scanner-msbuild

SonarScanner for .NET
http://redirect.sonarsource.com/doc/msbuild-sq-runner.html
GNU Lesser General Public License v3.0

Error while sending the sonar analysis to Sonarqube server that uses a self-signed certificate #1151

Closed mayconbeserra closed 2 years ago

mayconbeserra commented 2 years ago

Description

Error while sending the sonar analysis to Sonarqube server that uses a self-signed certificate.

The server is properly set up and the CA Certificate is installed correctly in the container.

The container can call sonarqube without issues and can also download the analyzers.

However, it cannot send the analysis in the last step.

Repro steps

Please provide the steps required to reproduce the problem

  1. Create a docker image with .NET Core 6 and Java OpenJDK11

  2. Install cacertificates

  3. Perform a curl request to check if the server validates the certificate correctly

  4. dotnet new console

  5. export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.debug=ssl:handshake"

JAVA_HOME can be different based on your installation.

  6. dotnet sonarscanner begin /k:"project-key" /d:sonar.login="1bcbe8d78d4fbc333b58ae" /d:"sonar.host.url=https://mycompanysonarserver"

  7. dotnet build

  8. dotnet sonarscanner end /d:sonar.login="afb0f719bb73647dba6443c7da78be76ad29011e"

If possible then please create a git repository with a repro sample or attach a zip to the issue.

Expected behavior

The expected behaviour is for the analysis to be sent to Sonarqube.

Sonar can download the analyses and do some additional operations against the sonarqube server. However, it cannot send the data at the final step due to a certificate issue.

The result should be consistent like in other steps.

Actual behavior

INFO: EXECUTION FAILURE.

Logs

INFO: Scanner configuration file: /root/.dotnet/tools/.store/dotnet-sonarscanner/5.4.1/dotnet-sonarscanner/5.4.1/tools/net5.0/any/sonar-scanner-4.6.2.2472/conf/sonar-scanner.properties
INFO: Project root configuration file: /app/.sonarqube/out/sonar-project.properties
INFO: SonarScanner 4.6.2.2472
INFO: Java 11.0.11 Ubuntu (64-bit)
INFO: Linux 5.10.76-linuxkit amd64
INFO: SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.debug=ssl:handshake
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:29.283 UTC|SSLCipher.java:438|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
INFO: User cache: /root/.sonar/cache
javax.net.ssl|WARNING|01|main|2022-01-22 13:38:29.797 UTC|SignatureScheme.java:295|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|01|main|2022-01-22 13:38:29.797 UTC|SignatureScheme.java:295|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:29.807 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:29.840 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:29.841 UTC|PreSharedKeyExtension.java:634|No session to resume.
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:29.841 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:29.848 UTC|ClientHello.java:653|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "DA 2E A9 07 5A 9B F7 00 E2 D0 51 B7 2A DF 98 25 14 5B 1D 48 81 04 4E 0B 17 FB 30 A3 97 2A 51 A0",
  "session id"          : "A2 91 23 33 E3 FA 40 AA 7F 3E 62 6C 58 9B 8B 00 51 12 43 36 5A 65 CA 31 08 50 4E 59 42 AF FE 91",
  "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), 
TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=sonarqube-development.k8s.mycompany.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "application_layer_protocol_negotiation (16)": {
      [h2, http/1.1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": x25519
          "key_exchange": {
            0000: D0 48 70 74 91 C6 28 8C   AF F4 C1 89 DD 84 86 88  .Hpt..(.........
            0010: 15 C8 07 CD 48 33 87 49   64 E0 0D F3 67 B9 DE 3C  ....H3.Id...g..<
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.154 UTC|ServerHello.java:872|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "81 82 54 60 47 B1 EC EA 80 D5 EF 9A 12 18 3E AC C5 60 3F FA 3B EB 81 22 D7 14 5B D5 4A CC FB D1",
  "session id"          : "A2 91 23 33 E3 FA 40 AA 7F 3E 62 6C 58 9B 8B 00 51 12 43 36 5A 65 CA 31 08 50 4E 59 42 AF FE 91",
  "cipher suite"        : "TLS_AES_256_GCM_SHA384(0x1302)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: DE FD CF 6E 31 9C FD 60   A8 68 DE A0 BB 42 40 68  ...n1..`.h...B@h
          0010: B8 E2 8C FB A3 21 6F 5B   2F F6 0F 5C 1C 9F 6E 47  .....!o[/..\..nG
        }
      },
    }
  ]
}
)
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.155 UTC|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.155 UTC|ServerHello.java:968|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.157 UTC|SSLExtensions.java:163|Ignore unsupported extension: server_name
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.157 UTC|SSLExtensions.java:163|Ignore unsupported extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.157 UTC|SSLExtensions.java:163|Ignore unsupported extension: status_request
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.157 UTC|SSLExtensions.java:163|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.158 UTC|SSLExtensions.java:163|Ignore unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.159 UTC|SSLExtensions.java:163|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.159 UTC|SSLExtensions.java:163|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.160 UTC|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.167 UTC|SSLExtensions.java:192|Consumed extension: key_share
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.167 UTC|SSLExtensions.java:163|Ignore unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.168 UTC|PreSharedKeyExtension.java:896|Handling pre_shared_key absence.
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.168 UTC|SSLExtensions.java:207|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.169 UTC|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.170 UTC|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.171 UTC|SSLExtensions.java:207|Ignore unavailable extension: ec_point_formats
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.171 UTC|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.171 UTC|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.172 UTC|SSLExtensions.java:207|Ignore unavailable extension: extended_master_secret
javax.net.ssl|WARNING|01|main|2022-01-22 13:38:30.172 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|WARNING|01|main|2022-01-22 13:38:30.172 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.173 UTC|SSLExtensions.java:207|Ignore unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.173 UTC|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.188 UTC|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.192 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.195 UTC|ChangeCipherSpec.java:246|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.209 UTC|EncryptedExtensions.java:171|Consuming EncryptedExtensions handshake message (
"EncryptedExtensions": [
  "server_name (0)": {
    <empty extension_data field>
  },
  "application_layer_protocol_negotiation (16)": {
    [http/1.1]
  }
]
)
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.209 UTC|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.210 UTC|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.211 UTC|SSLExtensions.java:173|Ignore unavailable extension: supported_groups
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.211 UTC|SSLExtensions.java:192|Consumed extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|01|main|2022-01-22 13:38:30.211 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.212 UTC|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.212 UTC|SSLExtensions.java:207|Ignore unavailable extension: supported_groups
javax.net.ssl|WARNING|01|main|2022-01-22 13:38:30.213 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.231 UTC|CertificateMessage.java:1171|Consuming server Certificate handshake message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [  
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "33 00 00 00 30 0A A7 31 B5 6D 01 16 1B 00 00 00 00 00 30",
      "signature algorithm": "SHA512withRSA",
      "issuer"             : "CN=MyCompany WSUS CA, DC=MyCompany, DC=berlin",
      "not before"         : "2020-12-14 13:36:47.000 UTC",
      "not  after"         : "2022-12-14 13:46:47.000 UTC",
      "subject"            : "CN=*.k8s.mycompany.com, OU=IT, O=MyCompany, L=Berlin, ST=DE",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
        },
        {
          ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
        },
        {
          ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
          AuthorityInfoAccess [
            [
             accessMethod: caIssuers
             accessLocation: URIName: ldap:///CN=MyCompany%20WSUS%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=MyCompany,DC=berlin?cACertificate?base?objectClass=certificationAuthority
          ]
          ]
        },
        {
          ObjectId: 2.5.29.35 Criticality=false
          AuthorityKeyIdentifier [
          KeyIdentifier [
          0000: FD 9C 61 F1 96 C7 C3 17   20 BF 00 76 24 83 A8 A1  ..a..... ..v$...
          0010: 1E 2B 00 25                                        .+.%
          ]
          ]
        },
        {
          ObjectId: 2.5.29.31 Criticality=false
          CRLDistributionPoints [
            [DistributionPoint:
               [URIName: ldap:///CN=MyCompany%20WSUS%20CA,CN=WSUS,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=MyCompany,DC=berlin?certificateRevocationList?base?objectClass=cRLDistributionPoint]
          ]]
        },
        {
          ObjectId: 2.5.29.37 Criticality=false
          ExtendedKeyUsages [
            clientAuth
            serverAuth
          ]
        },
        {
          ObjectId: 2.5.29.15 Criticality=true
          KeyUsage [
            DigitalSignature
            Key_Encipherment
          ]
        },
        {
          ObjectId: 2.5.29.14 Criticality=false
          SubjectKeyIdentifier [
          KeyIdentifier [
          0000: D0 28 CB 27 0C BE 87 4D   BA 5A A9 67 1C D4 37 FF  .(.'...M.Z.g..7.
          0010: 9F 2B 74 CC                                        .+t.
          ]
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "00",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=MyCompany CA, EMAILADDRESS=administrator@MyCompany.com, O=MyCompany GmbH, L=Berlin, ST=Berlin, C=DE",
      "not before"         : "2018-02-23 08:29:56.000 UTC",
      "not  after"         : "2028-02-21 08:29:56.000 UTC",
      "subject"            : "CN=MyCompany CA, EMAILADDRESS=administrator@MyCompany.com, O=MyCompany GmbH, L=Berlin, ST=Berlin, C=DE",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.35 Criticality=false
          AuthorityKeyIdentifier [
          KeyIdentifier [
          0000: 65 77 41 FB 91 57 F6 80   C9 E9 C5 98 13 70 FD E8  ewA..W.......p..
          0010: A2 35 41 A0                                        .5A.
          ]
          ]
        },
        {
          ObjectId: 2.5.29.19 Criticality=false
          BasicConstraints:[
            CA:true
            PathLen:2147483647
          ]
        },
        {
          ObjectId: 2.5.29.14 Criticality=false
          SubjectKeyIdentifier [
          KeyIdentifier [
          0000: 65 77 41 FB 91 57 F6 80   C9 E9 C5 98 13 70 FD E8  ewA..W.......p..
          0010: A2 35 41 A0                                        .5A.
          ]
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
]
}
)
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.232 UTC|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.232 UTC|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.268 UTC|CertificateVerify.java:1161|Consuming CertificateVerify handshake message (
"CertificateVerify": {
  "signature algorithm": rsa_pss_rsae_sha256
  "signature": {
  }
}
)
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.277 UTC|Finished.java:898|Consuming server Finished handshake message (
"Finished": {
  "verify data": {
    0000: 73 4A 00 55 D8 C6 12 35   94 96 52 51 08 35 22 63  sJ.U...5..RQ.5"c
    0010: F9 E4 BF 4F BE 74 1C 7E   94 D0 26 C9 E9 65 B9 91  ...O.t....&..e..
    0020: 6A 44 B7 68 04 FB B1 F9   BD E8 EC AA C4 A5 45 59  jD.h..........EY
  }'}
)
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.281 UTC|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.283 UTC|Finished.java:673|Produced client Finished handshake message (
"Finished": {
  "verify data": {
    0000: 9E 88 0F 26 B4 CB BB 0E   74 E3 F0 A5 CF D1 4D DD  ...&....t.....M.
    0010: 2F 11 53 BA D6 F2 22 AD   A8 A9 B2 8E 20 6F 7F 60  /.S..."..... o.`
    0020: 3C 22 95 3F 53 89 A0 85   AB 31 8D ED 64 38 8D AD  <".?S....1..d8..
  }'}
)
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.285 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.290 UTC|SSLSocketImpl.java:560|duplex close of SSLSocket
javax.net.ssl|DEBUG|01|main|2022-01-22 13:38:30.573 UTC|SSLSocketImpl.java:1657|close the SSL connection (passive)
ERROR: SonarQube server [https://sonarqube-development.k8s.mycompany.com] can not be reached
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.822s
INFO: Final Memory: 4M/24M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
        at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
        at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
        at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
        at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
        at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
        ... 7 more
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname sonarqube-development.k8s.mycompany.com not verified:
    certificate: sha256/fTaE8NRTN0mfTSN2AU/C2X0syFAs=
    DN: CN=*.k8s.mycompany.com, OU=IT, O=MyCompany, L=Berlin, ST=DE
    subjectAltNames: []
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:350)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:185)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:81)
        at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:115)
        at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:99)
        at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
        ... 10 more
ERROR: 
The SonarScanner did not complete successfully
13:38:30.627  Post-processing failed. Exit code: 1

List certificates in KeyStore

Can the JavaIOException below be the problem?

keytool -list -v -keystore $JAVA_HOME/lib/security/cacerts

#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 28 CB 27 0C BE 87 4D   BA 5A A9 67 1C D4 37 FF  .(.'...M.Z.g..7.
0010: 9F 2B 74 CC                                        .+t.
]
]

#9: ObjectId: 2.5.29.17 Criticality=false
Unparseable SubjectAlternativeName extension due to
**java.io.IOException: URI name must include scheme:*.k8s.mycompany.com**

0000: 30 43 82 15 2A 2E 6B 38   73 2E 63 6F 6D 70 6C 65  0C..*mycompany.
0020: 6F 6D 70 6C 65 76 6F 2E   62 65 72 6C 69 6E 86 15  company.
0030: 2A 2E 6B 38 73 2E 63 6F   6D 70 6C 65 76 6F 2E 62  *.k8s.mycompany.com
0040: 65 72 6C 69 6E     

Related information
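
The `keytool` output and the `subjectAltNames: []` line in the exception above both concern the certificate's subjectAltName extension; the dump shows a `0x82` (dNSName) entry followed by a `0x86` (URI) entry carrying the bare wildcard name. The following is an added example, not part of the original issue or of the scanner's code: a small Python decoder that lists SAN entries and flags a URI entry without a scheme. The `example.test` names and sample bytes are constructed, and `hostname_verifies` only models a strict client that ends up with no usable names when any entry is malformed.

```python
import ipaddress
import re

# GeneralName context tags (RFC 5280) for the primitive name forms.
TAGS = {0x81: "rfc822Name", 0x82: "dNSName", 0x86: "URI", 0x87: "iPAddress"}
# An RFC 3986 scheme followed by ":" must start a URI.
URI_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def parse_san(der):
    """Decode a SAN extension value (SEQUENCE OF GeneralName) into (kind, text)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE OF GeneralName")
    entries, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        kind = TAGS.get(tag, "other(0x%02x)" % tag)
        if tag == 0x87:
            text = str(ipaddress.ip_address(value))
        elif tag in TAGS:
            text = value.decode("ascii", errors="replace")
        else:
            text = value.hex()
        entries.append((kind, text))
    return entries


def san_problems(entries):
    """Return human-readable findings for entries a strict parser rejects."""
    problems = []
    for kind, text in entries:
        if kind == "URI" and not URI_SCHEME.match(text):
            problems.append("URI entry %r has no scheme" % text)
        if kind == "dNSName" and not text:
            problems.append("empty dNSName entry")
    return problems


def dns_matches(pattern, host):
    """Match host against a dNSName; '*' covers exactly the leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == host


def hostname_verifies(host, der):
    """Assumed model: one malformed entry leaves the client with no SAN names."""
    entries = parse_san(der)
    if san_problems(entries):
        return False
    return any(k == "dNSName" and dns_matches(v, host) for k, v in entries)


def tlv(tag, value):
    """Build a short-form DER element (value shorter than 128 bytes)."""
    return bytes([tag, len(value)]) + value


# Constructed samples: same wildcard name, once also mis-typed as a URI.
NAME = b"*.k8s.example.test"
SAMPLE_BAD = tlv(0x30, tlv(0x82, NAME) + tlv(0x86, NAME))
SAMPLE_GOOD = tlv(0x30, tlv(0x82, NAME))

if __name__ == "__main__":
    for label, der in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        entries = parse_san(der)
        print(label, entries, san_problems(entries),
              hostname_verifies("sonarqube-development.k8s.example.test", der))
```
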

tom-howlett-sonarsource commented 2 years ago

Hi @mayconbeserra

Since version 5.3.2 we have supported the following parameters to specify a client cert:

Parameter | Description
-- | --
/d:sonar.clientcert.path= | [optional] Specifies the path to a client certificate used to access SonarQube. The certificate must be password protected.
/d:sonar.clientcert.password= | [optional] Specifies the password for the client certificate used to access SonarQube. Required if a client certificate is used.

They are documented here. The password must be specified in the begin and end step.

If you add these, does that resolve your issue?

Tom

mayconbeserra commented 2 years ago

Thanks for your reply, @tom-howlett-sonarsource

Our server doesn't require a client certificate.

Our website (sonarqube) is protected by TLS Certificate (https), and that TLS certificate is self-signed by our corporation and CA authority.

If you see the logs, you can see sonarqube can access and call our sonarqube. However, it cannot finish the end method.

My question is - why do some calls to our sonarqube work, and some of them do not?

tom-howlett-sonarsource commented 2 years ago

Hi @mayconbeserra

It looks like this is related to the Java part of the Scanner that the Scanner for .NET wraps. I'm going to close this issue. Can you please re-raise it on the community forum? Apologies we couldn't resolve it here.

Tom