smee-client icon indicating copy to clipboard operation
smee-client copied to clipboard

Published 20 hours ago • verified publisher icon probot

Upgraded from v1.1.0 to v1.2.0 produces Hostname/IP does not match certificate's altnames: Host: smee.io. is not in the cert's altnames

Open Ginxo opened this issue 4 years ago • 5 comments

Hi,

first of all thanks for the support. We are using smee.io service/client to communicate github events with our internal Jenkins instance (nothing new here). We upgraded smee-client npm library from v1.1.0 to v1.2.2 and then this error is produced https://issues.redhat.com/browse/BXMSPROD-983

Connected https://smee.io/
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: smee.io. is not in the cert's altnames: xxxxx
....
  code: 'ERR_TLS_CERT_ALTNAME_INVALID',
  response: undefined
}

We decided to force our machine to use v1.1.0 [1] and now it's working. I've been analyzing your changes from v1.1.0 to v1.2.2 and I can see:

  • You added typescript and adapted client/index.js to client/index.ts (NOT AFFECTING)
  • You format target url using url.format (NOT AFFECTING)
  • You removed server code from there (SHOULD NOT AFFECT)
  • You upgraded these libraries (most probably by dependantbot):
    • commander@^2.12.2 to ^2.19.0 (NOT AFFECTING, treating command line args)
    • eventsource@^1.0.5 to ^1.0.7 (it shouldn't affect to us, since it's just treating HTTP events)
    • morgan@^1.9.0 to ^1.9.1 (NOT AFFECTING, logger)
    • [email protected] to ^10.11.0 (NOT AFFECTING, string validators and sanitizers)
    • superagent@^3.8.3 to ^5.0.2 (this is most probably the one which is introducing the error since is the library they use for pushing events).

It's true we can setup our certificates to include smee.io stuff but I wanted to let you know, in case you are not aware, you introduced a new integration step to perform in case you want to use smee stuff, we liked smee as it was :cupid:

[1] https://github.com/kiegroup/kie-jenkins-scripts/pull/807 related to https://issues.redhat.com/browse/BXMSPROD-983

Ginxo avatar Sep 01 '20 07:09 Ginxo

I'm seeing the same issue on RHEL 7. Only way to make 1.2.2 work was to use NODE_TLS_REJECT_UNAUTHORIZED. Once I downgraded to 1.1.0 it started working correctly.

brtduvally avatar Nov 11 '20 17:11 brtduvally

Just wanted to mention that the host header is making trouble with smee.io redirecting to a Jenkins master running in OpenShift (the HTTP response to the redirect is 503). Fixing this issue would help us a lot, thank you!

winklerm avatar Mar 18 '21 19:03 winklerm

@gr2m any idea/update on this? I would be glad to contribute but I would need a bit of guidance here, can you please provide it?

Thanks, Kike

Ginxo avatar Mar 19 '21 06:03 Ginxo

I'm afraid I cannot give a lot of guidance, I never worked on smee myself, I'm afraid to introduce regressions if we do any changes. The PR at https://github.com/probot/smee-client/pull/162 does not have any tests, and I don't know enough about smee to be confident that the change won't break things for existing users

gr2m avatar Mar 31 '21 19:03 gr2m

Also seeing this issue. Suggested user revert to 1.1.0 or set the NODE_TLS_REJECT_UNAUTHORIZED flag. Looking forward to the fix in #162 :)

derekjobst avatar Aug 30 '21 18:08 derekjobst