Jenkins git 插件:无法识别 Peer 的证书颁发者
[英]Jenkins git plugin: Peer's Certificate issuer is not recognized
问题描述
I am having trouble using the jenkins git plugin while trying to connect to a repo hosted via https.
在尝试连接到通过 https 托管的存储库时,我在使用 jenkins git 插件时遇到了问题。
Baue in Arbeitsbereich /opt/jenkins/jobs/TestJob2/workspace
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://my.host.de/group/project # timeout=10
Fetching upstream changes from https://my.host.de/group/project
> git --version # timeout=10
using GIT_ASKPASS to set credentials Jenkins at my.host.de
> git fetch --tags --progress https://my.host.de/group/project +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://my.host.de/group/project
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:766)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1022)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1053)
at hudson.scm.SCM.checkout(SCM.java:485)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1269)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:607)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529)
at hudson.model.Run.execute(Run.java:1738)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress https://my.host.de/group/project +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: fatal: unable to access 'https://my.host.de/group/project/': Peer's Certificate issuer is not recognized.
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1709)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1438)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:764)
... 11 more
ERROR: null
Finished: FAILURE
I can't use SSH.我无法使用 SSH。 The certificate is okay, and everything looks great.证书没问题,一切看起来都很棒。
curl -Lv does not show any errors. curl -Lv不显示任何错误。
I can clone the repository locally ont hat machine when logging in via ssh, no error message either.通过 ssh 登录时,我可以在本地计算机上克隆存储库,也没有错误消息。
Where is the switch I have to change?我必须改变的开关在哪里?
I can change this behaviour when setting the git property http.sslVerify to false for the user jenkins is running on, but this is just a workaround.当用户 jenkins 正在运行时,我可以在将 git 属性http.sslVerify设置为 false 时更改此行为,但这只是一种解决方法。
3 个解决方案
解决方案1
4 已采纳 2017-02-09 16:54:18
I just spent an hour investigating on such an issue. 我只花了一个小时调查这个问题。 What I tested was that on master everything works great with custom CA being configured into the system. 我测试的是,在master上,一切都很好,自定义CA被配置到系统中。 It took me unfortunately some time to realize that ALL slaves need to have proper gitconfig or CA certificates installed for it to work. 遗憾的是,我花了一些时间才意识到所有从属设备都需要安装适当的gitconfig或CA证书才能正常工作。
解决方案2
3 2019-09-24 13:34:00
I solved the problem adding to .gitconfig file the sslCAInfo info, like this:我解决了将sslCAInfo信息添加到.gitconfig文件的问题,如下所示:
$ echo -e "[http]\n\tsslCAInfo = /FOLDER_OF_CERTIFICATE/ca.pem" >> /var/lib/jenkins/.gitconfig
I was working with openshift... and I did it to master and the slaves to我正在使用 openshift ......我这样做是为了主人和奴隶
解决方案3
0 2021-06-21 05:13:51
It would also be a good idea to check your proxy server settings along with other git/openssl options.检查您的代理服务器设置以及其他 git/openssl 选项也是一个好主意。 It helped me resolve this issue just by updating the correct proxy settings.它帮助我通过更新正确的代理设置来解决这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.