Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Jenkins Docker Cloud Agent with Socat and TLS: "Received fatal alert: internal_error" #2388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
giuliano-aiello opened this issue Mar 25, 2025 · 0 comments
Open

Jenkins Docker Cloud Agent with Socat and TLS: "Received fatal alert: internal_error" #2388

giuliano-aiello opened this issue Mar 25, 2025 · 0 comments

Comments

@giuliano-aiello
Copy link

Jenkins and plugins versions report

Environment 
Client:
Context:    default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
compose: Docker Compose (Docker Inc., v2.18.1)
scan: Docker Scan (Docker Inc., v0.23.0)

Server:
Server Version: 20.10.17

Jenkins: 2.479.3
OS: Linux - 5.4.0-204-generic
Java: 17.0.13 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ant:511.v0a_a_1a_334f41b_
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-269.vfa_2321039a_83
apache-httpcomponents-client-5-api:5.4-136.v5a_21779c63f8
asm-api:9.7.1-97.v4cc844130d97
authentication-tokens:1.119.v50285141b_7e1
bootstrap5-api:5.3.3-2
bouncycastle-api:2.30.1.80-256.vf98926042a_9b_
branch-api:2.1214.v3f652804588d
build-timeout:1.33
caffeine-api:3.2.0-161.v691ef352cee1
checks-api:2.2.1
cloud-stats:377.vd8a_6c953e98e
cloudbees-folder:6.985.va_f1635030cc5
commons-compress-api:1.26.1-2
commons-lang3-api:3.17.0-84.vb_b_938040b_078
commons-text-api:1.13.0-153.v91dcd89e2a_22
configuration-as-code:1947.v7d33fe23569c
credentials:1408.va_622a_b_f5b_1b_1
credentials-binding:687.v619cb_15e923f
dark-theme:479.v661b_1b_911c01
display-url-api:2.204.vf6fddd8a_8b_e9
docker-commons:451.vd12c371eeeb_3
docker-java-api:3.4.1-96.v77147a_de67f8
docker-plugin:1274.vc0203fdf2e74
docker-workflow:611.v16e84da_6d3ff
durable-task:581.v299a_5609d767
echarts-api:5.5.1-1
eddsa-api:0.3.0.1-19.vc432d923e5ee
email-ext:1844.v3ea_a_b_842374a_
envinject-api:1.199.v3ce31253ed13
font-awesome-api:6.7.2-1
git:5.5.1
git-client:6.1.2
git-server:126.v0d945d8d2b_39
github:1.40.0
github-api:1.321-468.v6a_9f5f2d5a_7e
github-branch-source:1797.v86fdb_4d57d43
gradle:2.13
gson-api:2.12.1-113.v347686d6729f
instance-identity:201.vd2a_b_5a_468a_a_6
ionicons-api:74.v93d5eb_813d5f
jackson2-api:2.18.3-396.v93cc2d00b_b_7b_
jakarta-activation-api:2.1.3-1
jakarta-mail-api:2.1.3-1
javax-activation-api:1.2.0-7
javax-mail-api:1.6.2-10
jaxb:2.3.9-133.vb_ec76a_73f706
jjwt-api:0.11.5-112.ve82dfb_224b_a_d
joda-time-api:2.13.1-115.va_6b_5f8efb_1d8
jquery3-api:3.7.1-2
json-api:20250107-125.v28b_a_ffa_eb_f01
json-path-api:2.9.0-148.v22a_7ffe323ce
junit:1302.va_b_878c32eb_b_5
ldap:725.v3cb_b_711b_1a_ef
mailer:489.vd4b_25144138f
mapdb-api:1.0.9-40.v58107308b_7a_7
matrix-auth:3.2.2
matrix-project:832.va_66e270d2946
metrics:4.2.21-451.vd51df8df52ec
mina-sshd-api-common:2.14.0-143.v2b_362fc39576
mina-sshd-api-core:2.14.0-143.v2b_362fc39576
nodelabelparameter:1.14.0
okhttp-api:4.11.0-172.vda_da_1feeb_c6e
pam-auth:1.11
persistent-parameter:1.3
pipeline-build-step:540.vb_e8849e1a_b_d8
pipeline-github-lib:61.v629f2cc41d83
pipeline-graph-analysis:216.vfd8b_ece330ca_
pipeline-graph-view:340.v28cecee8b_25f
pipeline-groovy-lib:752.vdddedf804e72
pipeline-input-step:517.vf8e782ee645c
pipeline-milestone-step:119.vdfdc43fc3b_9a_
pipeline-model-api:2.2247.va_423189a_7dff
pipeline-model-definition:2.2247.va_423189a_7dff
pipeline-model-extensions:2.2247.va_423189a_7dff
pipeline-stage-step:312.v8cd10304c27a_
pipeline-stage-tags-metadata:2.2247.va_423189a_7dff
plain-credentials:183.va_de8f1dd5a_2b_
plugin-util-api:6.0.0
prism-api:1.30.0-1
resource-disposer:0.23
role-strategy:743.v142ea_b_d5f1d3
scm-api:704.v3ce5c542825a_
script-security:1369.v9b_98a_4e95b_2d
scriptler:376.v152edd95b_ca_f
snakeyaml-api:2.3-123.v13484c65210a_
ssh-credentials:349.vb_8b_6b_9709f5b_
ssh-slaves:3.1031.v72c6b_883b_869
sshd:3.330.vc866a_8389b_58
structs:338.v848422169819
subversion:1275.va_7b_014f3fc2c
theme-manager:262.vc57ee4a_eda_5d
timestamper:1.27
token-macro:444.v52de7e9c573d
trilead-api:2.147.vb_73cc728a_32e
variant:60.v7290fc0eb_b_cd
workflow-aggregator:600.vb_57cdd26fdd7
workflow-api:1366.vf1fb_e1a_f6b_22
workflow-basic-steps:1079.vce64b_a_929c5a_
workflow-cps:4043.va_fb_de6a_a_8b_f5
workflow-durable-task-step:1405.v1fcd4a_d00096
workflow-job:1505.vea_4b_20a_4a_495
workflow-multibranch:803.v08103b_87c280
workflow-scm-step:427.v4ca_6512e7df1
workflow-step-api:700.v6e45cb_a_5a_a_21
workflow-support:963.va_600813d04a_a_
ws-cleanup:0.46

Operating System

Ubuntu LTS

Reproduction steps

I use Jenkins as a Docker container. I'm setting up a Jenkins Cloud Agent using the Docker Remote API with Socat and TLS.

I followed these steps:

  1. Created a Certificate Authority (CA) on the Socat server.
  2. Generated server and client certificates (with Subject Alternative Name configured).
  3. Started Socat container with the following command: OPENSSL-LISTEN:2370,reuseaddr,cert=/etc/docker/certs/server-cert.pem,key=/etc/docker/certs/server-key.pem,cafile=/etc/docker/certs/ca.pem,fork UNIX-CONNECT:/var/run/docker.sock

Configured Jenkins:

  1. Set ip:port as the Docker host.
  2. Added the client key, client certificate, and CA certificate to Jenkins credentials.
  3. The "Test Connection" succeeds.
  4. But the problem occurs when I start a Jenkins job using the Jenkins Cloud Agent just created.

Expected Results

Normal execution of the docker container on my docker host.
An interesting thing on logs is that initially, the container seems to start (anyway i never see it on my docker host):

Image

Actual Results

javax.net.ssl.SSLException: Received fatal alert: internal_error
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.executeHandshake(SSLConnectionSocketFactory.java:345)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:313)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:251)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:189)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:450)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:162)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:172)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:142)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:192)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:113)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:152)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:116)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:170)
	at PluginClassLoader for apache-httpcomponents-client-5-api//org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:87)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.httpclient5.ApacheDockerHttpClientImpl.execute(ApacheDockerHttpClientImpl.java:206)
Caused: java.lang.RuntimeException
	at PluginClassLoader for docker-java-api//com.github.dockerjava.httpclient5.ApacheDockerHttpClientImpl.execute(ApacheDockerHttpClientImpl.java:210)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.httpclient5.ApacheDockerHttpClient.execute(ApacheDockerHttpClient.java:9)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.core.DefaultInvocationBuilder.execute(DefaultInvocationBuilder.java:228)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.core.DefaultInvocationBuilder.post(DefaultInvocationBuilder.java:102)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.core.exec.StartContainerCmdExec.execute(StartContainerCmdExec.java:31)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.core.exec.StartContainerCmdExec.execute(StartContainerCmdExec.java:13)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.core.exec.AbstrSyncDockerCmdExec.exec(AbstrSyncDockerCmdExec.java:21)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.core.command.AbstrDockerCmd.exec(AbstrDockerCmd.java:33)
	at PluginClassLoader for docker-java-api//com.github.dockerjava.core.command.StartContainerCmdImpl.exec(StartContainerCmdImpl.java:42)
	at PluginClassLoader for docker-plugin//com.nirima.jenkins.plugins.docker.DockerTemplate.doProvisionNode(DockerTemplate.java:755)
	at PluginClassLoader for docker-plugin//com.nirima.jenkins.plugins.docker.DockerTemplate.provisionNode(DockerTemplate.java:686)
	at PluginClassLoader for docker-plugin//com.nirima.jenkins.plugins.docker.DockerCloud$1.run(DockerCloud.java:414)
	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
	at jenkins.util.ErrorLoggingExecutorService.lambda$wrap$0(ErrorLoggingExecutorService.java:51)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

More

I opened an issue on the Apache Jenkins plugin repository, too:
jenkinsci/apache-httpcomponents-client-5-api-plugin#75
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@giuliano-aiello