So one can put a man in the middle between jenkins and your git repo, sniff you password and start hacking away at your system then.... interesting!
On 8 November 2013 15:45, Andrew Melo <[email protected]> wrote: > In my case (as one of the stupid people), I have the CA in the rest of the > stack set up properly, but Jenkins is the only bit of software I use that's > java, so I never bothered trying to figure out the incantations to get the > CA added. It's everywhere else though, so I'm not too concerned with > someone somehow managing to own the git repo without another bit of > software complaining loudly. > > > On Fri, Nov 8, 2013 at 9:41 AM, nicolas de loof > <[email protected]>wrote: > >> Right. So looks secure but actually unsecured. >> Le 8 nov. 2013 16:39, "Kevin Fleming (BLOOMBERG/ 731 LEXIN)" < >> [email protected]> a écrit : >> >> It does make things secure if you also use client-side certificates and >>> check them on the server side (so that a client-side certificate is >>> mandatory to establish a connection). It also encrypts the traffic on the >>> wire, but of course does not protect against man-in-the-middle attacks. >>> >>> ----- Original Message ----- >>> From: [email protected] >>> To: [email protected] >>> Cc: Kevin Fleming (BLOOMBERG/ 731 LEXIN) <[email protected]> >>> At: Nov 8 2013 10:36:47 >>> >>> I don't understand why people host git over https with self-signed >>> certificate. This don't make things secure, so why not just use http ? >>> >>> I only have used self-signed certificate for development/test of https >>> webapps. >>> Le 8 nov. 2013 16:33, "nicolas de loof" <[email protected]> a >>> écrit : >>> >>>> Add this as a java system property to your java command line. >>>> Le 8 nov. 2013 15:49, "Саша Щербаков" <[email protected]> a écrit : >>>> >>>>> Could anybody explain how to run Jenkins >>>>> with org.jenkinsci.plugins.gitclient.GitClient.untrustedSSL=true ? >>>>> >>>>> Thanks >>>>> >>>>> Пʼятниця, 8 листопада 2013 р. 16:41:48 UTC+2 користувач Kevin Fleming >>>>> написав: >>>>>> >>>>>> I am starting to think that the new credentials system may be just >>>>>> a bit over-engineered :-) >>>>>> >>>>>> ----- Original Message ----- >>>>>> From: [email protected] >>>>>> To: [email protected] >>>>>> At: Nov 8 2013 07:50:15 >>>>>> >>>>>> Ahhh did you not add any specifications to the domain? >>>>>> >>>>>> You need to provide the domain with some specifications to match >>>>>> against. The domain's name is only used by humans... the specifications >>>>>> are >>>>>> used by Jenkins. >>>>>> >>>>>> If there is at least 1 specification, then the credentials in that >>>>>> domain will be available unless there is a specification that is *not* >>>>>> matched... >>>>>> >>>>>> >>>>>> On 8 November 2013 11:45, Robert Krüger <[email protected]> wrote: >>>>>> >>>>>>> On Fri, Nov 8, 2013 at 12:18 PM, Robert Krüger <[email protected]> >>>>>>> wrote: >>>>>>> > Thanks, that works now with credentials in the URL. >>>>>>> > >>>>>>> > Is there any way I can use the credentials mechanism instead? >>>>>>> > Shouldn't I have the credentials for that domain in the list? >>>>>>> >>>>>>> It does work if I enter global credentials. I guess I misunderstood >>>>>>> the domain concept in that context. >>>>>>> >>>>>>> > >>>>>>> > On Fri, Nov 8, 2013 at 11:00 AM, nicolas de loof >>>>>>> > <[email protected]> wrote: >>>>>>> >> run jenkins with >>>>>>> org.jenkinsci.plugins.gitclient.GitClient.untrustedSSL=true >>>>>>> >> >>>>>>> >> Anyway I recommend ssh >>>>>>> > >>>>>>> > Just out of curiosity, why? Is the HTTP(S) support not mature? >>>>>>> > >>>>>>> >> >>>>>>> >> >>>>>>> >> 2013/11/8 Robert Krüger <[email protected]> >>>>>>> >>> >>>>>>> >>> On Fri, Nov 8, 2013 at 10:41 AM, nicolas de loof >>>>>>> >>> <[email protected]> wrote: >>>>>>> >>> > does your git repo use sef-signed certificates ? >>>>>>> >>> >>>>>>> >>> Yes ist does. Is there no way to specify something like >>>>>>> >>> GIT_SSL_NO_VERIFY=true or specify/import the CA cert somewhere? >>>>>>> >>> >>>>>>> >>> > can't you use ssh to access it ? >>>>>>> >>> >>>>>>> >>> I have to check with our sysad. >>>>>>> >>> >>>>>>> >>> > >>>>>>> >>> > >>>>>>> >>> > 2013/11/8 Robert Krüger <[email protected]> >>>>>>> >>> >> >>>>>>> >>> >> Hi, >>>>>>> >>> >> >>>>>>> >>> >> I just installed a fresh Jenkins 1.538 on Mac OS 10.8.5 and >>>>>>> am trying >>>>>>> >>> >> to configure a Job that checks out from a Git repository >>>>>>> hosted on a >>>>>>> >>> >> Stash server. The git/stash access is via https and protected >>>>>>> using >>>>>>> >>> >> http credentials. >>>>>>> >>> >> >>>>>>> >>> >> I Installed the Git plugin but when I enter the repository >>>>>>> URL (e.g. >>>>>>> >>> >> https://git.mydomain.com/scm/PROJ/myproject.git), I get the >>>>>>> red error >>>>>>> >>> >> message "Failed to connect to repository : Failed to connect >>>>>>> to >>>>>>> >>> >> https://git.mydomain.com/scm/PROJ/myproject.git";. >>>>>>> >>> >> >>>>>>> >>> >> I tried with and without credentials in the URL with the same >>>>>>> result. >>>>>>> >>> >> >>>>>>> >>> >> Then I created a domain (under credentials), named it >>>>>>> git.mydomain.com >>>>>>> >>> >> and added a set of credentials to that domain for my build >>>>>>> user. Then >>>>>>> >>> >> I returned to the job configuration page but in the >>>>>>> credentials >>>>>>> >>> >> section of the Git settings I still only have the "- none -" >>>>>>> option in >>>>>>> >>> >> the drop-down. >>>>>>> >>> >> >>>>>>> >>> >> What am I doing wrong? >>>>>>> >>> >> >>>>>>> >>> >> Is there a log file where I can look for clues? >>>>>>> >>> >> >>>>>>> >>> >> Thanks in advance, >>>>>>> >>> >> >>>>>>> >>> >> Robert >>>>>>> >>> >> >>>>>>> >>> >> -- >>>>>>> >>> >> You received this message because you are subscribed to the >>>>>>> Google >>>>>>> >>> >> Groups >>>>>>> >>> >> "Jenkins Users" group. >>>>>>> >>> >> To unsubscribe from this group and stop receiving emails from >>>>>>> it, send >>>>>>> >>> >> an >>>>>>> >>> >> email to [email protected]. >>>>>>> >>> >> For more options, visit >>>>>>> https://groups.google.com/groups/opt_out. >>>>>>> >>> > >>>>>>> >>> > >>>>>>> >>> > -- >>>>>>> >>> > You received this message because you are subscribed to the >>>>>>> Google >>>>>>> >>> > Groups >>>>>>> >>> > "Jenkins Users" group. >>>>>>> >>> > To unsubscribe from this group and stop receiving emails from >>>>>>> it, send >>>>>>> >>> > an >>>>>>> >>> > email to [email protected]. >>>>>>> >>> > For more options, visit >>>>>>> https://groups.google.com/groups/opt_out. >>>>>>> >>> >>>>>>> >>> -- >>>>>>> >>> You received this message because you are subscribed to the >>>>>>> Google Groups >>>>>>> >>> "Jenkins Users" group. >>>>>>> >>> To unsubscribe from this group and stop receiving emails from >>>>>>> it, send an >>>>>>> >>> email to [email protected]. >>>>>>> >>> For more options, visit https://groups.google.com/groups/opt_out >>>>>>> . >>>>>>> >> >>>>>>> >> >>>>>>> >> -- >>>>>>> >> You received this message because you are subscribed to the >>>>>>> Google Groups >>>>>>> >> "Jenkins Users" group. >>>>>>> >> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an >>>>>>> >> email to [email protected]. >>>>>>> >> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Jenkins Users" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Jenkins Users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Jenkins Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > > > -- > -- > Andrew Melo > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
