[JIRA] (JENKINS-13498) certificate used to sign update list is expired

Wed, 18 Apr 2012 06:54:40 -0700 

Florent Revelut created JENKINS-13498:
-----------------------------------------

             Summary: certificate used to sign update list is expired
                 Key: JENKINS-13498
                 URL: https://issues.jenkins-ci.org/browse/JENKINS-13498
             Project: Jenkins
          Issue Type: Bug
          Components: core
         Environment: Latest jenkins for windows
            Reporter: Florent Revelut
            Priority: Blocker
         Attachments: DecodedBase64.bin

trying to update list of plugins from 
http://mirrors.karan.org/jenkins/updates/update-center.json

Provides a signing certificate : 
MIIDezCCAmMCBQDerb7wMA0GCSqGSIb3DQEBBAUAMIGKMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxGDAWBgNVBAoTD0plbmtpbnMgUHJvamVjdDEaMBgGA1UEAxMRS29oc3VrZSBLYXdhZ3VjaGkxHTAbBgkqhkiG9w0BCQEWDmtrQGtvaHN1a2Uub3JnMB4XDTExMDQxOTA3MzUwNFoXDTEyMDQxODA3MzUwNFoweDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExGDAWBgNVBAoTD0plbmtpbnMgUHJvamVjdDEeMBwGA1UECxMVRGVmYXVsdCBVcGRhdGUgQ2VudGVyMRowGAYDVQQDExFLb2hzdWtlIEthd2FndWNoaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANRDu439lC/Ie+LlQ42vYICZZ9aIA8+poXhJLt1Mhosz+zFGCdljWTvO3/wxNx7uA053YTIKu73cSAxVjWK8Qfhv19hKXNKe7wvHZF0y6VbSKqKctjXsm/4nWrGr61FTIxr3LcM3byx/vJ0tykQmiDc5/oov7MmUpBLSg1yCyO70t1/NxyYy7xCreU2G1x2w+RxFakfIaLK9r33FcFH+mrEzQZHxoxlg3AuLn1WDz9+mRMvCEEZU6AQh07gBG8f8dOV9ot2vaknkF+w4OTsDdUdXY5sNghr6yQTLU8++0u/f9N8j+cP07C39OWnIjloBt3WVuhSuw83IqOJHoYh85wUCAwEAATANBgkqhkiG9w0BAQQFAAOCAQEAfAte7k2JdwxS32FkJLj6i81wDaI8EUGoN2sbTRgFs/nXMxG1RuboPRLbz63IL/eRBvcUbq1RD+7UnrFjDkmN8SQlN90w3ODobOJv3U1zaJ01ehNa3CRgsCcIRjITtSWD+b2132rR9G2a7ZXD8GQ+50QhkG6SVwPwo/mklkleRb5WTcSCKrmHvZPsxCtrMSbw6OL1dM9h0j8vLaIMpxkCoJotajsTjP94LfP4z1JU4ifXaC/uXdugoQ9t6+0n+qrsYdI4JHV9OI5nMEJ5bdhvxAzA8enj/hZ9i/lekoUurc2W87dHdO46Kyt1PjCYS4LGVRsjeh04cCocajIVL2zM0w==

Once dumped : 
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 3735928560 (0xdeadbef0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=California, L=San Jose, O=Jenkins Project, CN=Kohsuke 
Kawaguchi/emailAddress=k...@kohsuke.org
        Validity
            Not Before: Apr 19 07:35:04 2011 GMT
            Not After : Apr 18 07:35:04 2012 GMT
        Subject: C=US, ST=California, O=Jenkins Project, OU=Default Update 
Center, CN=Kohsuke Kawaguchi


=> certificate expired this morning.

this leads to the following exception when trying to refresh plugins list:

18 avr. 2012 15:28:23 hudson.model.UpdateSite doPostBack
GRAVE: <div class=error><img src='/static/10b6d8c8/images/none.gif' height=16 
width=1>Signature verification failed in the update center &#039;default&#039; 
<a href='#' class='showDetails'>(show details)</a><pre 
style='display:none'>java.security.cert.CertPathValidatorException: timestamp 
check failed
        at 
sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown 
Source)
        at 
sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
(zip)

=> certificate should be renewed
=> as a workaround, we could be able to bypass signature validation

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to