Closed tooh closed 11 years ago
Hi Peter!
That's right, it's an issue with SSL. I will use the code from TestLink plug-in to solve this issue. Probably in one day or two I will send you a new version.
Thanks for filing such a detailed bug :-)
Installed new version of the plugin. Have to tackle the certificate problem. Extra info is that I am running the .war file like this:
java -jar /usr/local/jenkins/jenkins.war --httpPort=-1 --httpsPort=8081 --httpsKeyStore=keystore.jks --httpsKeyStorePassword=[password]
This does not solve the problem.
Hmmm, weird. Do you have the certificate from your bugzilla instance in your keystore?
Hi Bruno,
I need some step-by-step guidance from you to manage this. I'm not so into certificates.
Hi Bruno
Can you confirm these steps:
sudo keytool -keystore /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts -import -file Certificate.cer
Get a question for the keystore password. Get an error:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
Is this a password I should have created somewhere in the process or is this the root password ?
Hi Peter
I'm not so into certificates as well. Some time ago I had this issue with SSL + Jenkins, and I remember I had to create a new keystore with a new password. But I think there is a default password... let me review what is needed for this. I will create a self signed certificate and will install at my local apache for testing. Then I will write a step-by-step blog post about it. It may be useful for other people too :)
Cheers
Hi Bruno
Your answer made me remember that I saw somewhere a default password "changeit"
Indeed the password was the default password changeit
1. I managed to add the certificate.
Building on master in workspace /Users/peter/.jenkins/workspace/TestThemAll - Plugin
Connecting to Testopia to retrieve automated test cases.
java.lang.RuntimeException: Failed to login!
at org.mozilla.testopia.service.xmlrpc.XmlRpcMiscService.login(XmlRpcMiscService.java:63)
at jenkins.plugins.testthemall.TestopiaBuilder.perform(TestopiaBuilder.java:177)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:717)
at hudson.model.Build$BuildExecution.build(Build.java:199)
at hudson.model.Build$BuildExecution.doRun(Build.java:160)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
at hudson.model.Run.execute(Run.java:1488)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:236)
Caused by: org.apache.xmlrpc.XmlRpcException: Failed to read server's response: java.security.cert.CertificateException: No subject alternative DNS name matching tooh.homedns.org found.
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:161)
at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:143)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:69)
at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:137)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:126)
at org.mozilla.testopia.service.xmlrpc.XmlRpcMiscService.login(XmlRpcMiscService.java:61)
... 10 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching tooh.homedns.org found.
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:104)
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:151)
... 17 more
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching tooh.homedns.org found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 30 more
ERROR: Failed to login!
Finished: FAILURE
Hmmm, will have to try to reproduce at my machine. But I've never seen an error message like this:
No subject alternative DNS name matching tooh.homedns.org found.
Situation is as follows.
I will have to check this and perhaps issue a different certificate. I use the OSX Keychain Access application for this.
This project is getting more interesting everyday :)
True indeed hahaha, unexpected situations with interesting context. I will try to find some spare time this week to work on this busy again.
STEPS
sudo keytool -delete -keystore /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts -alias mykey
sudo keytool -keystore /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts -import -file Certificate.cer
RESULT I now get a different error:
java.security.cert.CertPathValidatorException: CA key usage check failed: keyCertSign bit is not set
:-| never seen this exception too hahaha
I changed something in the Certificate
When importing I see the following:
Extensions:
KeyUsage [ DigitalSignature Key_CertSign ]
ExtendedKeyUsages [ serverAuth ]
So in KeyUsage I now have the Key_CertSign on.
RESULT:
Retested and got the same error. Grrrrrr....
Hi Bruno, Still no results, don't know what to do now. Informed with some contacts that use Java if they have a suggestion.
Can you perhaps give me a keytool example that in your opinion should produce the correct certificate, given my host name iMac.local and my dynDnS/ virtual host name t00.homedns.org ?
Am I adding the cer to the correct keystore ? (used command described earlier)
I really want to push this forward.
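A keytool invocation of the kind asked for above, as an added example that is not part of the original thread. It assumes keytool from JDK 7 or later (the `-ext` option is not available in the 1.6 keytool used here); the file names, the alias `testopia` and the `STOREPASS` variable are hypothetical. Every name Jenkins may connect to goes into the SAN list, and keyCertSign is set because the certificate is imported as its own trust anchor.

```shell
#!/bin/sh
# Added example: self-signed server certificate whose extensions satisfy the
# two checks seen in the stack traces (SAN hostname match, keyCertSign bit).
# Assumes keytool from JDK 7+; file names and alias are hypothetical.

# Build the SubjectAlternativeName extension from the hostnames given.
san_ext() {
  out=""
  for h in "$@"; do
    out="${out:+$out,}dns:$h"
  done
  printf 'SAN=%s' "$out"
}

make_trusted_cert() {
  : "${STOREPASS:?export STOREPASS first}"   # read via :env, kept off argv
  cn=$1                                      # first hostname becomes the CN
  # 1. Key pair plus self-signed certificate carrying every hostname as a
  #    SAN entry and a KeyUsage that includes keyCertSign.
  keytool -genkeypair -alias testopia -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$cn" -keystore server.jks \
    -storepass:env STOREPASS -keypass:env STOREPASS \
    -ext "$(san_ext "$@")" \
    -ext BC=ca:true \
    -ext KU=digitalSignature,keyEncipherment,keyCertSign \
    -ext EKU=serverAuth
  # 2. Export only the public certificate (PEM).
  keytool -exportcert -rfc -alias testopia -keystore server.jks \
    -storepass:env STOREPASS -file testopia.cer
  # 3. Import it under a named alias into a truststore used by Jenkins only,
  #    instead of the JVM-wide cacerts file.
  keytool -importcert -noprompt -alias testopia -file testopia.cer \
    -keystore jenkins-trust.jks -storepass:env STOREPASS
  # 4. Print the stored entry to confirm the SAN and KeyUsage extensions.
  keytool -list -v -alias testopia -keystore jenkins-trust.jks \
    -storepass:env STOREPASS
}

# Usage: STOREPASS=... sh make-cert.sh tooh.homedns.org iMac.local
if [ "$#" -gt 0 ]; then
  make_trusted_cert "$@"
fi
```

Starting the Jenkins JVM with `-Djavax.net.ssl.trustStore=jenkins-trust.jks` makes that process trust only what is in this file, so the CA-capable certificate is not trusted by every other Java program on the machine.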
Hi Peter, I've arrived from US and now am reorganizing my activities. I'll have a cycle to work on this next week, and no more talks or articles this year, so no more distractions \o/ (only vacations soon haha)
Will keep you posted
Ah, was it a nice trip ? I kept on googling and found this.
http://www.exampledepot.com/egs/javax.net.ssl/trustall.html
Can this be of help for this problem as well? I know this is not a "secure" solution but perhaps with an option you can set in the job it can be useful for testing purposes.
I found a plugin skip-certificate-check. This does what it says. Highly insecure but for now a nice workaround.
After installing this i get some new testresults.
I will log this in a separate issue.
The trip was all right. I miss the local food so much when I'm abroad, but much more when I am in the US, as there is so much fast food (and it is so cheap hehe).
Hmmm, handy plug-in :D good to know. So let's focus on other functionalities for now. We can come back at this issue later.
Issue ported to JIRA, see issues.jenkins-ci.org
ENVIRONMENT:
OS: Darwin iMac.local 11.4.0 Darwin Kernel Version 11.4.0: Mon Apr 9 19:32:15 PDT 2012; root:xnu-1699.26.8~1/RELEASE_X86_64 x86_64
BUGZILLA: version 4.2.1
TESTOPIA: version 2.5
JENKINS: version 1.471
TestThemAll plugin: version ???
PREREQUISITES:
RESULT:
When doing a Build it fails showing in the console output that login was not successful.
ANALYSIS: Perhaps it is a problem that the Testopia instance uses https and the server does not have an official certificate.
LOGFILE:
Started by user anonymous
[EnvInject] - Loading node environment variables.
Building on master in workspace /Users/peter/.jenkins/workspace/TestThemAll - Plugin
Connecting to Testopia to retrieve automated test cases.
java.lang.RuntimeException: Failed to login!
at org.mozilla.testopia.service.xmlrpc.XmlRpcMiscService.login(XmlRpcMiscService.java:63)
at jenkins.plugins.testthemall.TestopiaBuilder.perform(TestopiaBuilder.java:169)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:717)
at hudson.model.Build$BuildExecution.build(Build.java:199)
at hudson.model.Build$BuildExecution.doRun(Build.java:160)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
at hudson.model.Run.execute(Run.java:1484)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:236)
Caused by: org.apache.xmlrpc.XmlRpcException: Failed to read server's response: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:161)
at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:143)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:69)
at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:137)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:126)
at org.mozilla.testopia.service.xmlrpc.XmlRpcMiscService.login(XmlRpcMiscService.java:61)
... 10 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:104)
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:151)
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
... 36 more
ERROR: Failed to login!
Finished: FAILURE