読者です 読者をやめる 読者になる 読者になる

t.marcusの外部記憶装置

忘備録とかちょっとした考えとかをつらつらと...

maven-release-pluginでReceived fatal alert: bad_record_macが出た話

リリース作業中に問題発生したので、自戒録がてら書き連ねておく。

結果としては、Java7だったので、MAVEN_OPTS="-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"環境変数にぶち込んで走らせれば解決しました。
(Java8は試してませんが、おそらく-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2を指定すれば、行けるはずです)


事の起こりは、リリース作業中にpomのバージョンをイテレーションして、Sonatype Nexus Repository Manager(以下、Nexus)へ成果物のアップロードを行うJenkinsジョブを実行したところ…

f:id:t_marcus87:20160209193850p:plain

_人人人人人人人人人人人人人人_
> 燦々と輝く「ジョブ失敗」 <
 ̄Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y ̄

とりあえず、ログを眺めてみると…

$ mvn -Dresume=false release:prepare release:perform -B
:
:
[INFO] --- maven-release-plugin:2.0:prepare (default-cli) @ hoge-api-server ---
:
:
[INFO] --- maven-release-plugin:2.0:perform (default-cli) @ hoge-api-server ---
:
:
[INFO] [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ hoge-api-server ---
[INFO] Uploading: https://nexus.example.com/content/repositories/releases/com/example/api/hoge-api-server/1.59.0/hoge-api-server-1.59.0.jar
[INFO] Uploading: https://nexus.example.com/content/repositories/releases/com/example/api/hoge-api-server/1.59.0/hoge-api-server-1.59.0.pom
[INFO] Uploaded: https://nexus.example.com/content/repositories/releases/com/example/api/hoge-api-server/1.59.0/hoge-api-server-1.59.0.pom (9 KB at 28.9 KB/sec)
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [INFO] BUILD FAILURE
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [INFO] Total time: 53.752s
[INFO] [INFO] Finished at: Tue Feb 09 13:31:27 JST 2016
[INFO] [INFO] Final Memory: 57M/1313M
[INFO] [INFO] ------------------------------------------------------------------------
[INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project hoge-api-server: Failed to deploy artifacts: Could not transfer artifact com.example:hoge-api-server:jar:1.10.0 from/to hoge-releases (https://nexus.hoge.org/content/repositories/releases/): Received fatal alert: bad_record_mac -> [Help 1]
[INFO] [ERROR] 
[INFO] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[INFO] [ERROR] Re-run Maven using the -X switch to enable full debug logging.
[INFO] [ERROR] 
[INFO] [ERROR] For more information about the errors and possible solutions, please read the following articles:
[INFO] [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

何やら、Nexusへの登録がbad_record_macで失敗してるっぽい。

とりあえず、ググってみる

検索結果から、SSL周りのエラーっぽい雰囲気が漂ってくる。

とりあえずjenkinsサーバに入って、Nexusと話をしてみる…

$ curl -vs https://nexus.example.com
* Rebuilt URL to: https://nexus.example.com/
*   Trying 12.34.56.78...
* Connected to nexus.example.com (12.34.56.78) port 443 (#0)
* TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* Server certificate: *.example.com
:
:
> GET / HTTP/1.1
> Host: nexus.example.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Content-Length: 8009
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Last-Modified: Tue, 09 Feb 2016 10:47:55 GMT
< Pragma: no-cache
< Cache-Control: post-check=0, pre-check=0
< Expires: 0
<
<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
:
:

ちゃんとお話できてるっぽい。

SSLといえば、最近Poodleの関係で、SSLv3がサポート切られてたりしてたはず…ということで、SSLv3でお話してみると…

$ curl -vs --sslv3 https://nexus.example.com
* Rebuilt URL to: https://nexus.example.com/
*   Trying 12.34.56.78...
* Connected to nexus.example.com (12.34.56.78) port 443 (#0)
* SSL peer handshake failed, the server most likely requires a client certificate to connect
* Closing connection 0
curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect

ビンゴ!

ということで、Javaのオプションで、SSLv3をオフって解決

mvn -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Dresume=false release:prepare release:perform -B

詳しくはこちら