Support SNI by upgrading HttpClient

[nightwolfzor]

When calling to a Jenkins URL running HTTPS which hosts multiple domains, the old version of HttpClient doesnt support SNI.

When the jenkins server is hosted where there is more than one HTTPS site hosted on the same server/IP address the following error is thrown. Error: hostname in certificate didn't match:

Need to update Apache HTTPClient/HttpComponents to 4.3.2+. I would recommend 4.3.5.

Both Certs are valid. The problem is they both exist on the same host. Typically SSL wants a unique IP per host. Hence the need for SNI.

As this plugin uses httpclient. Http client only added SNI support in 4.3.2 see https://issues.apache.org/jira/plugins/servlet/mobile#issue/HTTPCLIENT-1119

So the plugin needs to be updated with a new version of httpclient.

[mikesir87]

Thanks for the heads up. I'll see if I can get that updated.

[faizhasim]

I was debugging the HTTPClient issue, and after couple hours debugging, I just realised that Stash actually provide their own HTTPClient dependency on the SAL layer.

For addon developers, there's nothing much that we can do. I've tried bumping the version, but obviously I got the method signature mismatch. Perhaps, they should use the OSGi version of the HttpClient and doesn't enforce plugin devs to use their version.

Regardless, seems like they're on QA for https://jira.atlassian.com/browse/STASH-2970. So, we'll just need to wait.

[mikesir87]

Yeah... I remember running into this issue now during development. Looks like we'll have to wait on Stash for this support. :\

[ScOut3R]

I've just installed this plugin on Bitbucket Server 4.3 and still hitting the missing SNI support. Is there any update on this? Is Bitbucket really missing SNI support in 2016?

[marvinthepa]

@ScOut3R : same for me. I checked, BBS 4.10.1 is using apache http client version 4.5, so the http client version should not be the issue here - this is something else.