Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-18443

HTTPClient throws ClassCastException when agent publishes artifact to Bamboo Server with Microsoft UPNs in the certificate

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 6.4.0
    • 6.1.0, 6.0.2
    • API
    • None

      Summary

      A regression in the Apache HTTPClient shipped with Bamboo 6.0.2 causes a ClassCastException when publishing an artifact to Bamboo and the SSL certificate for the server contains ASN.1 encoded entries for the Subject Alternate Name (e.g. Microsoft UPNs):

      Actual Results

      The below exception is thrown in the atlassian-bamboo-agent.log file:

      INFO   | jvm 1    | 2017/06/06 20:41:35 | 2017-06-06 20:41:35,046 WARN [0-BAM::Remote Agent::Agent:pool-3-thread-1] [AbstractArtifactManager] [B cannot be cast to java.lang.String
INFO   | jvm 1    | 2017/06/06 20:41:35 | java.lang.ClassCastException: [B cannot be cast to java.lang.String
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.conn.ssl.DefaultHostnameVerifier.getSubjectAltNames(DefaultHostnameVerifier.java:309)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:112)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:99)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:463)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
INFO   | jvm 1    | 2017/06/06 20:41:35 | 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

      Workaround

      • Regenerate the certificates to contain only DNS entries rather than the UPNs or
      • The regression is in Apache HTTPClient 4.5.3, so you could manually upgrade or downgrade the Apache HTTPClient to 4.5.4 or 4.5.2. The library is stored in <bamboo-install>/atlassian-bamboo/WEB-INF/lib/.
        • Please note, these versions of the library are untested with current releases of Bamboo but some users have had success with this workaround.

              Unassigned Unassigned
              jowen@atlassian.com Jeremy Owen
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: