t.marcus's External Memory Device

Memos, passing thoughts and so on, written down as they come...

The story of getting "Received fatal alert: bad_record_mac" with maven-release-plugin

A problem came up during release work, so I am writing it down here as a note to self.

In the end, since this was Java 7, putting MAVEN_OPTS="-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2" into the environment variables and running the build solved it.
(I have not tried Java 8, but specifying -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 should probably work.)


It all started during release work, when I ran the Jenkins job that iterates the pom version and uploads the artifacts to Sonatype Nexus Repository Manager (hereafter, Nexus)…


_人人人人人人人人人人人人人人_
> A brilliantly shining "job failed" <
 ̄Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y ̄

For a start, looking through the log…

$ mvn -Dresume=false release:prepare release:perform -B
:
:
[INFO] --- maven-release-plugin:2.0:prepare (default-cli) @ hoge-api-server ---
:
:
[INFO] --- maven-release-plugin:2.0:perform (default-cli) @ hoge-api-server ---
:
:
[INFO] [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ hoge-api-server ---
[INFO] Uploading: https://nexus.example.com/content/repositories/releases/com/example/api/hoge-api-server/1.59.0/hoge-api-server-1.59.0.jar
[INFO] Uploading: https://nexus.example.com/content/repositories/releases/com/example/api/hoge-api-server/1.59.0/hoge-api-server-1.59.0.pom
[INFO] Uploaded: https://nexus.example.com/content/repositories/releases/com/example/api/hoge-api-server/1.59.0/hoge-api-server-1.59.0.pom (9 KB at 28.9 KB/sec)
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [INFO] BUILD FAILURE
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [INFO] Total time: 53.752s
[INFO] [INFO] Finished at: Tue Feb 09 13:31:27 JST 2016
[INFO] [INFO] Final Memory: 57M/1313M
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project hoge-api-server: Failed to deploy artifacts: Could not transfer artifact com.example:hoge-api-server:jar:1.10.0 from/to hoge-releases (https://nexus.hoge.org/content/repositories/releases/): Received fatal alert: bad_record_mac -> [Help 1]
[INFO] [ERROR] 
[INFO] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[INFO] [ERROR] Re-run Maven using the -X switch to enable full debug logging.
[INFO] [ERROR] 
[INFO] [ERROR] For more information about the errors and possible solutions, please read the following articles:
[INFO] [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

It looks like the upload to Nexus is failing with bad_record_mac.

For a start, I google it.

The search results give off the air of an SSL-related error.

For a start, I log in to the jenkins server and try talking to Nexus…

$ curl -vs https://nexus.example.com
* Rebuilt URL to: https://nexus.example.com/
*   Trying 12.34.56.78...
* Connected to nexus.example.com (12.34.56.78) port 443 (#0)
* TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* Server certificate: *.example.com
:
:
> GET / HTTP/1.1
> Host: nexus.example.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Content-Length: 8009
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Last-Modified: Tue, 09 Feb 2016 10:47:55 GMT
< Pragma: no-cache
< Cache-Control: post-check=0, pre-check=0
< Expires: 0
<
<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
:
:

They seem to be talking to each other just fine.

Speaking of SSL, SSLv3 support should have been getting dropped recently because of POODLE… so I try talking over SSLv3, and…

$ curl -vs --sslv3 https://nexus.example.com
* Rebuilt URL to: https://nexus.example.com/
*   Trying 12.34.56.78...
* Connected to nexus.example.com (12.34.56.78) port 443 (#0)
* SSL peer handshake failed, the server most likely requires a client certificate to connect
* Closing connection 0
curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect

Bingo!

So I turned SSLv3 off with a Java option, and that solved it.

mvn -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Dresume=false release:prepare release:perform -B

For details, see here.
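
An added example, not part of the original post: a small Java check to run with the same JVM that runs Maven, printing which TLS protocol versions that JVM supports, which it enables by default for clients, and what an https.protocols value like the one above would select. The class name TlsProtocolCheck and the helper usable() are hypothetical; the output depends on the JVM version and its security configuration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example; names are hypothetical. No lambdas, so it compiles on Java 7.
// Run: java -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 TlsProtocolCheck
public class TlsProtocolCheck {

    // Return the requested protocol names that this JVM supports,
    // in the requested order, without duplicates.
    static List<String> usable(String requested, String[] supported) {
        List<String> known = Arrays.asList(supported);
        List<String> result = new ArrayList<String>();
        if (requested == null) {
            return result;
        }
        for (String part : requested.split(",")) {
            String name = part.trim();
            if (!name.isEmpty() && known.contains(name) && !result.contains(name)) {
                result.add(name);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();

        System.out.println("java.version        : " + System.getProperty("java.version"));
        System.out.println("supported protocols : " + Arrays.toString(supported));
        System.out.println("enabled by default  : " + Arrays.toString(enabled));

        String prop = System.getProperty("https.protocols");
        System.out.println("https.protocols     : " + prop);
        if (prop != null) {
            List<String> selected = usable(prop, supported);
            System.out.println("usable from property: " + selected);
            if (selected.contains("SSLv3")) {
                System.out.println("WARNING: SSLv3 is still selected (POODLE)");
            }
            if (!selected.contains("TLSv1.2")) {
                System.out.println("NOTE: TLSv1.2 is not selected");
            }
        }
    }
}
```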