Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

javax.net.ssl.SSLException: hostname in certificate didn't match: <gcr.io/64.233.166.82> != <*.googlecode.com> OR ... #1390

Closed
nirdothan-zz opened this issue Jan 3, 2019 · 6 comments
Closed

javax.net.ssl.SSLException: hostname in certificate didn't match: <gcr.io/64.233.166.82> != <*.googlecode.com> OR ... #1390

nirdothan-zz opened this issue Jan 3, 2019 · 6 comments

Comments

@nirdothan-zz
Copy link

Description of the issue:
Build image failed when running with Gradle in an oldish Spring Boot 1.4 project. New Spring Boot 2.0 projects built in the same computer run fine. Suspecting that some of the unrelated project dependencies are causing the issue. Note that a similar issue happens if I change my jib.from config to pull from dockerhub, then I get a message that dockerhub certs don't match.

Expected behavior: project should build and publish

Steps to reproduce: ./gradlew jib

Environment: OSX 0.14.2, java version "1.8.0_191", Gradle 4.6

jib-gradle-plugin Configuration: 

buildscript {
    repositories {
        mavenCentral()
        maven { url 'http://repo.spring.io/milestone' }// milestones and release candidates
        maven { url 'https://plugins.gradle.org/m2/' }
        dependencies{
            classpath "org.springframework.boot:spring-boot-gradle-plugin:1.5.8.RELEASE",
                      "io.spring.gradle:dependency-management-plugin:0.6.1.RELEASE"
        }
    }
}
plugins { 
    id 'java'
    id 'idea'
    id 'maven'
    id 'org.springframework.boot' version '1.5.8.RELEASE'
    id 'io.spring.dependency-management' version '0.6.1.RELEASE'
    id 'com.github.ksoichiro.build.info' version '0.2.0'
    id 'com.google.cloud.tools.jib' version '0.10.1'
}


//======= qwilt maven repos ===========//
apply from: "repos.gradle"

//======= dependencies section ===========//

dependencyManagement {
    imports {
        mavenBom "org.springframework.cloud:spring-cloud-starter-parent:$springCloudStartParentVersion"
        mavenBom "com.amazonaws:aws-java-sdk-bom:$amazonAwsJavaSdkVersion"
    }
}

dependencies {
    compile ("org.springframework.boot:spring-boot-starter-web")
    compile ("com.stormpath.spring:stormpath-default-spring-boot-starter:$stormpathSpringBootVersion")
    compile ("io.jsonwebtoken:jjwt:$jsonwebtokenVersion")
    compile ("org.springframework:spring-test:$springTestVersion")
    compile ("org.mockito:mockito-all:$mockitoAllVersion")
    compile ("org.springframework:spring-mock:$springMockVersion")
    compile ("org.springframework.security.oauth:spring-security-oauth2")
    compile ("org.springframework.cloud:spring-cloud-starter-feign")
    compile ("org.springframework.boot:spring-boot-starter-actuator")
    compile ("org.springframework.boot:spring-boot-starter-aop")
    compile ("org.springframework:spring-web")
    compile ("javax.servlet:javax.servlet-api:$javaxServletApiVersion")
    compile ("com.amazonaws:aws-java-sdk-s3:$amazonAwsJavaSdkVersion")
    compile ("org.apache.commons:commons-compress:$apacheCommonsCompress")
    compile ("com.qwilt.cq.common:common-sdk:$qwiltUseCommonSdkVersion")
    compile ("ch.qos.logback:logback-classic:$logbackClassicVersion")
    compile ("org.springframework.boot:spring-boot-starter-cache")
    compile ("org.springframework.cloud:spring-cloud-commons")
    compile ("org.springframework.cloud:spring-cloud-context")
    compile ("com.qwilt.cq.common:common-microservice:$qwiltUseCommonMSVersion")
}

jib{
    to {
        image = 'myprivaterepo/myproject'

        auth {
            username = '*****'
            password = '*****'
        }
    }
}

Log output: 

./gradlew --no-daemon jib  --stacktrace

Containerizing application to qwilt/stormpath...
warning: Base image 'gcr.io/distroless/java' does not use a specific image digest - build may not be reproducible
Retrieving registry credentials for registry.hub.docker.com...
Getting base image gcr.io/distroless/java...
Building dependencies layer...
Building resources layer...
Building classes layer...

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':jib'.
> com.google.cloud.tools.jib.plugins.common.BuildStepsExecutionException: Build image failed

* Try:
Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Exception is:
org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':jib'.
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:103)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:73)
        at org.gradle.api.internal.tasks.execution.OutputDirectoryCreatingTaskExecuter.execute(OutputDirectoryCreatingTaskExecuter.java:51)
        at org.gradle.api.internal.tasks.execution.SkipUpToDateTaskExecuter.execute(SkipUpToDateTaskExecuter.java:59)
        at org.gradle.api.internal.tasks.execution.ResolveTaskOutputCachingStateExecuter.execute(ResolveTaskOutputCachingStateExecuter.java:54)
        at org.gradle.api.internal.tasks.execution.ValidatingTaskExecuter.execute(ValidatingTaskExecuter.java:59)
        at org.gradle.api.internal.tasks.execution.SkipEmptySourceFilesTaskExecuter.execute(SkipEmptySourceFilesTaskExecuter.java:101)
        at org.gradle.api.internal.tasks.execution.FinalizeInputFilePropertiesTaskExecuter.execute(FinalizeInputFilePropertiesTaskExecuter.java:44)
        at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:91)
        at org.gradle.api.internal.tasks.execution.ResolveTaskArtifactStateTaskExecuter.execute(ResolveTaskArtifactStateTaskExecuter.java:62)
        at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:59)
        at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:54)
        at org.gradle.api.internal.tasks.execution.ExecuteAtMostOnceTaskExecuter.execute(ExecuteAtMostOnceTaskExecuter.java:43)
        at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:34)
        at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker$1.run(DefaultTaskGraphExecuter.java:256)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:336)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:328)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:199)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:110)
        at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:249)
        at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:238)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.processTask(DefaultTaskPlanExecutor.java:123)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.access$200(DefaultTaskPlanExecutor.java:79)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:104)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:98)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionPlan.execute(DefaultTaskExecutionPlan.java:663)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionPlan.executeWithTask(DefaultTaskExecutionPlan.java:597)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.run(DefaultTaskPlanExecutor.java:98)
        at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
        at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:46)
        at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:55)
Caused by: org.gradle.internal.UncheckedException: com.google.cloud.tools.jib.plugins.common.BuildStepsExecutionException: Build image failed
        at org.gradle.internal.UncheckedException.throwAsUncheckedException(UncheckedException.java:63)
        at org.gradle.internal.UncheckedException.throwAsUncheckedException(UncheckedException.java:40)
        at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:76)
        at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:46)
        at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:39)
        at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:26)
        at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:788)
        at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:755)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$1.run(ExecuteActionsTaskExecuter.java:124)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:336)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:328)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:199)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:110)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeAction(ExecuteActionsTaskExecuter.java:113)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:95)
        ... 30 more
Caused by: com.google.cloud.tools.jib.plugins.common.BuildStepsExecutionException: Build image failed
        at com.google.cloud.tools.jib.plugins.common.BuildStepsRunner.build(BuildStepsRunner.java:274)
        at com.google.cloud.tools.jib.gradle.BuildImageTask.buildImage(BuildImageTask.java:122)
        at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:73)
        ... 42 more
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <gcr.io/74.125.140.82> != <*.googlecode.com> OR <*.googlecode.com> OR <*.cloud.google.com> OR <*.code.google.com> OR <*.codespot.com> OR <*.developers.google.com> OR <*.gcr.io> OR <*.googlesource.com> OR <*.pkg.dev> OR <*.u.googlecode.com> OR <gcr.io> OR <googlecode.com> OR <googlesource.com> OR <pkg.dev>
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:228)
        at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
        at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
        at com.google.api.client.http.apache.ApacheHttpRequest.execute(ApacheHttpRequest.java:65)
        at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:981)
        at com.google.cloud.tools.jib.http.Connection.send(Connection.java:161)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:232)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.callWithAllowInsecureRegistryHandling(RegistryEndpointCaller.java:152)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:142)
        at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint(RegistryClient.java:339)
        at com.google.cloud.tools.jib.registry.RegistryClient.pullManifest(RegistryClient.java:200)
        at com.google.cloud.tools.jib.registry.RegistryClient.pullManifest(RegistryClient.java:208)
        at com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.pullBaseImage(PullBaseImageStep.java:197)
        at com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.call(PullBaseImageStep.java:117)
        at com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.call(PullBaseImageStep.java:56)
        at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:127)
        at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:57)
        at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:80)

Additional Information:
can also send my gradle dependencies report if you suspect that it'll be useful
@chanseokoh
Copy link
Member

chanseokoh commented Jan 3, 2019
edited
Loading

Hi @nirdothan,

For the project using Spring Boot 1.4, let's force using particular versions of Google HTTP Client and Apache HttpClient for building. (BTW, your build.gradle seems to be using Spring Boot 1.5.8 instead of 1.4?)

buildscript {
    repositories {
        mavenCentral()
        ...
    }
    dependencies {
        ...
        classpath('com.google.http-client:google-http-client:1.23.0') {
            force = true
        }
        classpath('org.apache.httpcomponents:httpcore:4.0.1') {
            force = true
        }
        classpath('org.apache.httpcomponents:httpclient:4.0.1') {
            force = true
        }
    }
}

@chanseokoh
Copy link
Member

If the above doesn't resolve the issue, is it possible to get us a very small sample (hello-world like would be good) that reproduces this issue?

@nirdothan-zz
Copy link
Author

Hi @chanseokoh,
Thanks! forcing the dependencies above solved the issue.
Note that despite the 1.5.8 version in build.gradle, effectively it's running Spring Boot 1.4.2, probably forced by the SpringCloud version which is Camden.SR4 (I didn't share those properties)

@chanseokoh
Copy link
Member

chanseokoh commented Jan 3, 2019
edited
Loading

Thanks for the update. It helps us and other users going forward.

I guess your project dependencies pulled in either Google HTTP Client or Apache HttpClient version that was not able to handle this kind of cert for some reason. Perhaps an old version. It'd be interesting to see which library versions the build was using by checking the Gradle dependency report. It might also be the case it is enough to force org.apache.httpcomponents:httpclient:4.0.1 alone.

I'll close the issue. Feel free to update if you have any suggestions.

@nirdothan-zz
Copy link
Author

following additional experimentation I realized that I already had org.apache.httpcomponents:httpclient pulled from 2 different dependencies (feign and stormpath), but it was just missing from the buildscript classpath. So I just added the version I was already using to the classpath without forcing.

here's the latest working configuration (just the buildscript part):

buildscript {
    repositories {
        mavenCentral()
        maven { url 'http://repo.spring.io/milestone' }// milestones and release candidates
        maven { url 'https://plugins.gradle.org/m2/' }
    }
    dependencies{
        classpath "org.springframework.boot:spring-boot-gradle-plugin:1.5.8.RELEASE",
                "io.spring.gradle:dependency-management-plugin:0.6.1.RELEASE",
                "org.apache.httpcomponents:httpclient:4.5.2"
    }
}

@chanseokoh
Copy link
Member

Huh, interesting. Thanks for the update.

@chanseokoh chanseokoh mentioned this issue Jan 15, 2019
Closed
@chanseokoh chanseokoh mentioned this issue Mar 4, 2019
Open
@chanseokoh chanseokoh mentioned this issue May 10, 2019
Closed
@chanseokoh chanseokoh mentioned this issue Oct 24, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nirdothan-zz @chanseokoh