Checking Ignore unverified SSL certificates does not actually ignore

[sarahtattersall]

Even though I have 'Ignore unverified SLL certificates' I still get the message:
'SSLPeerUnverifiedException caught while notifying Stash. Make sure your SSL certificate on your Stash server is valid or check the 'Ignore unverifiable SSL certificate' checkbox in the Stash plugin configuration of this job.' in my console output.

[ghost]

Hello, we had the same problem... debugging the plugin on a actual jenkins i found out, that the instance variables (private final String stashServerBaseUrl etc..) where always null... So for some reason:

@DataBoundConstructor
public StashNotifier(

was not doing its Job and setting the properties...

only explanation for me was, that Jenkins is setting the Properties by Reflection somhow ...

an then the problem was:

if (!ignoreUnverifiedSSL) {
ignoreUnverifiedSSL = descriptor.isIgnoreUnverifiedSsl();
}
if (getStashServerBaseUrl().startsWith("https")
&& ignoreUnverifiedSSL) {
// add unsafe trust manager to avoid thrown
// SSLPeerUnverifiedException
try {

never went into the case "https"

As quick and dirty solution we builded our own patched Plugin with all the Instance Variable Settings hard coded and made final

Was there a change in the jenkins plugin configuration api latly?

Best regards and thank you for the development of the great plugin

Daniel

[resah]

Hi,

noticed two points:

1. in global.jelly it should probably be:

     <f:checkbox name="stashNotifier.ignoreUnverifiedSsl" 
                 checked="${descriptor.isIgnoreUnverifiedSsl()}"/>
   

2. in StashNotifier.getHttpClient() it would help to check URL from global configuration, too:

   private HttpClient getHttpClient(final PrintStream logger) {
   
       HttpClient client = null;
       boolean ignoreUnverifiedSSL = ignoreUnverifiedSSLPeer;
       String url = stashServerBaseUrl;
       DescriptorImpl descriptor = getDescriptor();
   
       if ("".equals(url) || url == null) {
           url = descriptor.getStashRootUrl();
       }
   
       if (!ignoreUnverifiedSSL) {
           ignoreUnverifiedSSL = descriptor.isIgnoreUnverifiedSsl();
       }
   
       if (url.startsWith("https") && ignoreUnverifiedSSL) {
           ...
       }
   }
   

Anyhow, thanks for this helpful plugin!

Regards

Theresa

Edit: Added changes as pull request ;)

[ir73]

When this fix is going to get into Jenkins plugin repo?

[roboll]

is there a plan to release a version of the plugin with this fix?

[gruetter]

I've just distributed a Snapshot version to to more devs with the same problem to confirm the fix works. I plan to release ASAP after the confirmation (can't test myself, currently). Hang in there

[gruetter]

I'm trying to create a setup with an unverified SSL certificate. Stash is now up and running. I can clone a repo using https on the command line. I was not able to get it running in Jenkins though. When trying to configure the git repo url, I got a "Invalid certificate chain" error. Can s.o. please give me a hint as to what needs to be done here? Are you cloning via ssh or https? Did you have to configure Jenkins to make this work?

[gruetter]

Changes are included in release 1.7.