SSLHandshakeException on Federation
I installed 2 Gitblit, one of them is Origin (Windows 10) and another one is for federation backup (Docker). Version 1.9.1
I faced the error of using the HTTPS for origin.
federation.gitblit-federation.url = https://192.168.1.144:8443
2021-11-16 22:20:42 [ERROR] Failed to pull from federated gitblit (gitblit-federation @ https://192.168.1.144:8443)
org.eclipse.jgit.api.errors.TransportException: https://192.168.1.144:8443/r/gitblit-federation.git: cannot open git-upload-pack
    at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:135)
    at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:203)
    at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:136)
    at com.gitblit.utils.JGitUtils.cloneRepository(JGitUtils.java:238)
    at com.gitblit.service.FederationPullService.pull(FederationPullService.java:213)
    at com.gitblit.service.FederationPullService.run(FederationPullService.java:96)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.eclipse.jgit.errors.TransportException: https://192.168.1.144:8443/r/gitblit-federation.git: cannot open git-upload-pack
    at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:527)
    at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:290)
    at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
    at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
    at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1201)
    at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:128)
    ... 12 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
    at org.eclipse.jgit.transport.http.JDKHttpConnection.getResponseCode(JDKHttpConnection.java:98)
    at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:190)
    at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:465)
    ... 17 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
    at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:145)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:209)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
It works if I use the HTTP protocol, but I need to use HTTPS.
I know the problem is related to the self-signed SSL certificate, but I can't solve the issue.
Can you please have a look at it?
Issue Analytics
- State:
- Created 2 years ago
- Comments:13 (6 by maintainers)
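The last "Caused by" in the trace above is raised in HostnameChecker.matchIP: the federation URL uses an IP address, so Java accepts the server certificate only if it carries a subjectAltName entry of type IP for that address. The following is an added example, not part of the original issue or of Gitblit; it builds three throwaway certificates with openssl (version 1.1.1 or later is assumed for -addext, and the name gitblit.example is hypothetical) and runs the same kind of IP identity check on each.

```sh
#!/bin/sh
# Added example: every certificate here is a throwaway, constructed for the demo.
IP=192.168.1.144                 # address from federation.gitblit-federation.url
WORK=$(mktemp -d)

# make_cert NAME [SAN]: self-signed cert with CN=$IP; a SAN is added only if given.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$IP" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
    ${2:+-addext "subjectAltName=$2"} 2>/dev/null
}

# ip_identity_ok NAME ADDR: true only if the cert has an iPAddress SAN equal to
# ADDR. Like Java's HostnameChecker.matchIP, this check never falls back to CN.
ip_identity_ok() {
  openssl x509 -in "$WORK/$1.pem" -noout -checkip "$2" | grep -q 'does match'
}

make_cert cn_only                          # CN=192.168.1.144, no SAN extension
make_cert dns_only "DNS:gitblit.example"   # SAN present, but no IP entry
make_cert ip_san   "IP:$IP"                # SAN holds the IP clients connect to

for c in cn_only dns_only ip_san; do
  if ip_identity_ok "$c" "$IP"; then r=accepted; else r=rejected; fi
  echo "$c: identity check for https://$IP:8443 $r"
done
```

To run the same check against the certificate the origin actually serves, pipe `openssl s_client -connect 192.168.1.144:8443 </dev/null` into `openssl x509 -noout -checkip 192.168.1.144`. A certificate that passes still has to be trusted by the JVM of the pulling instance, since it is self-signed.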
Yes, correct. The object folder in Origin has contained many folders/files and the other side in Federation has just 4 files and the main one is the .pack file.
Thanks for your help @flaix
Hi @flaix,
I have a question to improve the security of the Federation.
The passphrase value in the gitblit.properties file creates a Token and then with this Token, we can use it as a Federation.
Is it possible to add another security option for the Federation?
For example, can I add the IP address of the Federation server on the Origin one?
Thanks