1

SSL connect error

When setting up the connection setting for Jenkins in CatLight v2.1.4 I am getting a "Error: SSL connect error"

The Jenkins server is hosted in AWS with a Amazon issues SSL Cert thats valid.

Any recommendations on how to resolve this?

4 replies

Is it possible that proxy server intercepts https connections and replaces original server certificate with it's own, that is not trusted on this computer?

You can open the server address in Safari, as we should use the same certificate store and settings as it uses. If it shows any errors, they should be fixed there first.

You can also try explicitly providing proxy server address in Catlight settings.

We use a automatic proxy configuration (.pac)

I will play around with the proxy configuration next week and see if I can get it to work.

Strange I am now seeing a "Failure when receiving data from the peer" error now

You can get more detailed information in logs at ~/Library/Application Support/Catlight/logs.

"Failure when receiving data from the peer" seems to be a curl error. .Net core uses libcurl internally on Mac.

If you have access to proxy logs or configuration, then maybe this this will shed some light on why is this happening.

It is possible that proxy is blocking some requests for some reason. Maybe they have long urls, or big request/response bodies.

You can also try new version 2.2.3 - we've updated a bunch of dependencies for Mac OS X app. If it was a bug in on of them, it might have been fixed.

I updated to 2.2.3 still seeing the "Failure when receiving data from the peer"

I can get to the logs is there a address I can email them to you?

Sure, send the logs to [email protected]

Please also include your OS version. 

If the server you are trying to connect to is available on the Internet, please include URL as well, and we'll try to reproduce the problem. We don't need credentials, as SSL session is established before credentials are checked.

Mac OS X 10.11 and there is a proxy 

Chrome sees it as a valid and secure page.

 

What is your OS type and version? Do you use any type of proxy server?

Please make sure that certificate is actually trusted by OS. You can do that by opening the url in default OS browser (IE on windows, Safari on OS X).

If this a self-signed certificate, then see this answer on how to add it to trusted - http://catlight.helprace.com/i105-how-to-add-a-jenkins-with-custom-https-certificate-needs-an-exception-in-normal-browsers 

You can also check you server using https://www.ssllabs.com/ssltest/ . It can detect various SSL problems. For example, server could use a subordinate certification authority and not return the whole certificate chain.