当我的Jenkins (v1.563)从服务器试图通过HTTPS克隆Git存储库时,由于Git服务器的自签名证书,它失败了。Git插件的版本是2.2.1,Git客户端插件的版本是1.9.0。我得到以下错误:
FATAL: Failed to fetch from https://myserver/repo.git
hudson.plugins.git.GitException: Failed to fetch from https://myserver/repo.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:623)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:855)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:880)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1251)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:604)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:513)
at hudson.model.Run.execute(Run.java:1706)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:231)
Caused by: hudson.plugins.git.GitException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkCredentials(CliGitAPIImpl.java:1964)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1143)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$200(CliGitAPIImpl.java:87)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:257)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146)
at hudson.remoting.UserRequest.perform(UserRequest.java:118)
at hudson.remoting.UserRequest.perform(UserRequest.java:48)
at hudson.remoting.Request$2.run(Request.java:328)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at hudson.remoting.Engine$1$1.run(Engine.java:63)
at java.lang.Thread.run(Unknown Source)
我的理解是这应该是过去的问题,因为当前版本的Git插件不应该尝试通过Java连接到Git,只能通过CLI客户端(没有证书问题)。参考这个线程。然而,错误确实发生了……尽管有自签名证书,我如何让我的Jenkins从服务器连接到Git ?
这可以通过将自签名证书添加到代理上GIT配置的正确位置来完成。
http.sslCAInfo
是您想要的配置选项,一旦您在代理上使用以下命令找到了它的位置,您就可以获得证书了。
git congif -list
这可以使用chrome或firefox完成,导航到网站并获得您的自签名证书。使用这里的步骤细节,它们需要是PEM格式。
一旦您有了整个链,它可以添加到您在http.sslCAInfo下找到的文件中。请带一份副本,以便出错时可以回滚到前一组证书。一定要从
复制--------------- BEGIN -----------
to
--------------- END -------------
一旦这样做了,GIT将知道信任您的自认证文件。
这是不推荐的
您可以选择使用以下选项禁用代理上的ssl验证:
http.sslVerify
Whether to verify the SSL certificate when fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_NO_VERIFY environment variable.
这是不推荐的