sonar-auth-gitlab-plugin icon indicating copy to clipboard operation
sonar-auth-gitlab-plugin copied to clipboard
verified publisher icon gabrie-allaigre

self signed certs on gitlab

Open claptrap666 opened this issue 8 years ago • 7 comments

Ignore gitlab certs option wanted. cause a lot of gitlab in use will using self signed certs.

claptrap666 avatar Feb 01 '18 05:02 claptrap666

Hello, Yes it's possible.

gabrie-allaigre avatar Feb 01 '18 19:02 gabrie-allaigre

Hi, I add option in version 1.3.2

gabrie-allaigre avatar Mar 10 '18 11:03 gabrie-allaigre

thx, i saw the option, and i checked it. but, it seems not effected. cause it still show this error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

BTW, i ran sonar on a openshift origin cluster.

claptrap666 avatar Mar 30 '18 08:03 claptrap666

You can add the self signed certificate to the list of trusted certificates:

keytool -import -alias example.tld -file /path/to/your.crt -keystore /etc/ssl/certs/java/cacerts

mgansler avatar Mar 30 '18 09:03 mgansler

thx, i know that. and i use this solution temporary. but, i won't add a variable file to my docker image. currently i replace this file by attach a volume in kubernetes. still, if this feature works, it will save me some time of configuration.

claptrap666 avatar Mar 31 '18 01:03 claptrap666

I have the same trouble : 019.02.27 10:40:20 WARN web[AWkuU3jntDKs/93WAAAU][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab' com.github.scribejava.core.exceptions.OAuthConnectionException: There was a problem while creating a connection to the remote service: https://monserveur.com/oauth/token at com.github.scribejava.core.model.OAuthRequest.send(OAuthRequest.java:39) ...

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

the certificat is in the truststore and /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java SSLPoke monserveur.com 443 Successfully connected i am using sonarqube community 7-6 docker image (with some tweaks - changing timezone, cacerts adding our's own ca)

sonar.auth.gitlab.ignore_certificate have no effect

i cannot use gitlab auth ...

manu18 avatar Feb 27 '19 10:02 manu18

This is still an ongoing issue, please take a look into it. Your plugin does not ignore certificates. While it could be worked around with Let's Encrypt certificates, sometimes it's not an option, especially on a non-routable, externally not available instance of GitLab.

hron84 avatar Jun 14 '19 13:06 hron84