TLS/ssl problems talking to github enterprise

Thu, 27 Oct 2016 09:01:45 -0700 


Our GFE instance uses a certificate from an annoying certificate authority 
(godata). To get Jenkins to talk to it at all, I had to create a trust store 
with their intermediate certificates. And now, basic operations work, 
everything tests out on the configuration page, etc. But when a pull request 
webhook fires, I get the following backtraces.


Can anyone advise?



Failed to login with creds cc1f844d-c149-46c3-9685-971711912a94
org.kohsuke.github.HttpException: Server returned HTTP response code: -1, 
message: 'null' for URL: https://git.basistech.net/api/v3/user
        at org.kohsuke.github.Requester.parse(Requester.java:540)
        at org.kohsuke.github.Requester._to(Requester.java:251)
        at org.kohsuke.github.Requester.to(Requester.java:213)
        at org.kohsuke.github.GitHub.getMyself(GitHub.java:283)
        at org.kohsuke.github.GitHub.<init>(GitHub.java:149)
        at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:201)
        at 
org.jenkinsci.plugins.github.internal.GitHubLoginFunction.applyNullSafe(GitHubLoginFunction.java:73)
        at 
org.jenkinsci.plugins.github.internal.GitHubLoginFunction.applyNullSafe(GitHubLoginFunction.java:46)
        at 
org.jenkinsci.plugins.github.util.misc.NullSafeFunction.apply(NullSafeFunction.java:18)
        at 
org.jenkinsci.plugins.github.config.GitHubServerConfig$ClientCacheFunction.applyNullSafe(GitHubServerConfig.java:348)
        at 
org.jenkinsci.plugins.github.config.GitHubServerConfig$ClientCacheFunction.applyNullSafe(GitHubServerConfig.java:344)
        at 
org.jenkinsci.plugins.github.util.misc.NullSafeFunction.apply(NullSafeFunction.java:18)
        at com.google.common.collect.Iterators$8.next(Iterators.java:812)
        at com.google.common.collect.Iterators$7.computeNext(Iterators.java:648)
        at 
com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143)
        at 
com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138)
        at 
org.jenkinsci.plugins.github.util.FluentIterableWrapper.first(FluentIterableWrapper.java:128)
        at 
com.github.kostyasha.github.integration.generic.GitHubTriggerDescriptor.githubFor(GitHubTriggerDescriptor.java:63)
        at 
org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.readyToBuildCauses(GitHubPRTrigger.java:267)
        at 
org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.doRun(GitHubPRTrigger.java:236)
        at 
org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger$1.run(GitHubPRTrigger.java:201)
        at 
hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:119)
        at 
jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected 
error: java.security.InvalidAlgorithmParameterException: the trustAnchors 
parameter must be non-empty
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
        at 
sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
        at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
        at com.squareup.okhttp.Connection.connect(Connection.java:172)
        at 
com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
        at 
com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
        at 
com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:328)
        at 
com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
        at 
com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:438)
        at 
com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:389)
        at 
com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:502)
        at 
com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:105)
        at 
com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:25)
        at org.kohsuke.github.Requester.parse(Requester.java:514)
        ... 27 more
Caused by: java.lang.RuntimeException: Unexpected error: 
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter 
must be non-empty
        at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
        at sun.security.validator.Validator.getInstance(Validator.java:179)
        at 
sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        ... 41 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors 
parameter must be non-empty
        at 
java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
        at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
        at 
java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
        at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
        ... 53 more


Oct 27, 2016 9:58:05 AM SEVERE 
org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger doRun

Can't process check (Can't find appropriate client for github repo 
<https://git.basistech.net/raas/rosapi1.5>)
org.jenkinsci.plugins.github.internal.GHPluginConfigException: Can't find 
appropriate client for github repo <https://git.basistech.net/raas/rosapi1.5>
        at 
com.github.kostyasha.github.integration.generic.GitHubTriggerDescriptor.githubFor(GitHubTriggerDescriptor.java:67)
        at 
org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.readyToBuildCauses(GitHubPRTrigger.java:267)
        at 
org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger.doRun(GitHubPRTrigger.java:236)
        at 
org.jenkinsci.plugins.github.pullrequest.GitHubPRTrigger$1.run(GitHubPRTrigger.java:201)
        at 
hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:119)
        at 
jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/45643941-351f-4718-8095-d1352d7a93e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to