Low Description
Summary
A regression in the Apache HTTPClient shipped with Bamboo 6.0.2 causes a ClassCastException when publishing an artifact to Bamboo and the SSL certificate for the server contains ASN.1 encoded entries for the Subject Alternate Name (e.g. Microsoft UPNs):
Actual Results
The below exception is thrown in the atlassian-bamboo-agent.log file:
INFO | jvm 1 | 2017/06/06 20:41:35 | 2017-06-06 20:41:35,046 WARN [0-BAM::Remote Agent::Agent:pool-3-thread-1] [AbstractArtifactManager] [B cannot be cast to java.lang.String INFO | jvm 1 | 2017/06/06 20:41:35 | java.lang.ClassCastException: [B cannot be cast to java.lang.String INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.conn.ssl.DefaultHostnameVerifier.getSubjectAltNames(DefaultHostnameVerifier.java:309) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:112) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:99) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:463) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) INFO | jvm 1 | 2017/06/06 20:41:35 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
Workaround
- Regenerate the certificates to contain only DNS entries rather than the UPNs or
- The regression is in Apache HTTPClient 4.5.3, so you could manually upgrade or downgrade the Apache HTTPClient to 4.5.4 or 4.5.2. The library is stored in <bamboo-install>/atlassian-bamboo/WEB-INF/lib/.
- Please note, these versions of the library are untested with current releases of Bamboo but some users have had success with this workaround.
Attachments
Issue Links
- is related to
-
CONFSERVER-54855 Confluence applinks fail if SSL certificate uses Subject Alternative Name (SAN)
-
- Closed
-