The bug:
$ curl -sS -v -k https://jenkins.musta.ch//job/monorail_build_flow/4940/api/json * About to connect() to jenkins.musta.ch port 443 (#0) * Trying 10.147.129.217... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-AES256-SHA * Server certificate: * subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com * start date: 2012-10-23 18:01:55 GMT * expire date: 2013-10-24 18:33:00 GMT * subjectAltName does not match jenkins.musta.ch * Closing connection #0 * SSLv3, TLS alert, Client hello (1): * SSL peer certificate or SSH remote key was not OK curl: (51) SSL peer certificate or SSH remote key was not OK ubuntu@i-60bcba0e:~$ curl -sS -v -k https://jenkins.musta.ch/ * About to connect() to jenkins.musta.ch port 443 (#0) * Trying 10.147.129.217... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-AES256-SHA * Server certificate: * subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com * start date: 2012-10-23 18:01:55 GMT * expire date: 2013-10-24 18:33:00 GMT * subjectAltName does not match jenkins.musta.ch * Closing connection #0 * SSLv3, TLS alert, Client hello (1): * SSL peer certificate or SSH remote key was not OK curl: (51) SSL peer certificate or SSH remote key was not OK
The fix:
--- a/src/main.c +++ b/src/main.c @@ -5375,7 +5375,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[]) if(config->insecure_ok) { /* new stuff needed for libcurl 7.10 */ my_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); - my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1); + my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); } else { char *home = homedir();
The bug:
$ curl -sS -v -k https:/ /jenkins. musta.ch/ /job/monorail_ build_flow/ 4940/api/ json AES256- SHA i-60bcba0e: ~$ curl -sS -v -k https:/ /jenkins. musta.ch/ AES256- SHA
* About to connect() to jenkins.musta.ch port 443 (#0)
* Trying 10.147.129.217... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-
* Server certificate:
* subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* start date: 2012-10-23 18:01:55 GMT
* expire date: 2013-10-24 18:33:00 GMT
* subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
ubuntu@
* About to connect() to jenkins.musta.ch port 443 (#0)
* Trying 10.147.129.217... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-
* Server certificate:
* subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* start date: 2012-10-23 18:01:55 GMT
* expire date: 2013-10-24 18:33:00 GMT
* subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
The fix:
--- a/src/main.c
if(config- >insecure_ ok) {
my_ setopt( curl, CURLOPT_ SSL_VERIFYPEER, FALSE); SSL_VERIFYHOST, 1); SSL_VERIFYHOST, 0);
+++ b/src/main.c
@@ -5375,7 +5375,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
/* new stuff needed for libcurl 7.10 */
- my_setopt(curl, CURLOPT_
+ my_setopt(curl, CURLOPT_
}
else {
char *home = homedir();