Git connections from Bamboo fail with certificate subject name does not match target host name
Summary
Git repository checkout doesn't work and fails with SSL: certificate subject name (my-git.hostname.com) does not match target host name 'my-git'
Diagnosis
The below error can be seen in the UI against the plan or within the $BAMBOO_HOME/logs/atlassian-bamboo.log:
2012-10-04 16:48:28,902 ERROR [3-BAM::PlanExec:pool-6-thread-1] [RetryingTaskExecutor] Exception being rethrown
2012-10-04 16:48:28,903 ERROR [3-BAM::PlanExec:pool-6-thread-1] [ChainExecutionManagerImpl] Plan 'AAAAA-BBBB' could not be started. Exception: com.atlassian.bamboo.plugins.git.GitCommandException: command [/usr/bin/git, ls-remote, https://git.user:***@my-git/git/repo.git] failed with code 128. Working directory was [.]., stderr:
[error: SSL: certificate subject name (my-git.hostname.com) does not match target host name 'my-git' while accessing https://git.user:***@my-git/git/repo.git/info/refs, , fatal: HTTP request failed]
java.lang.RuntimeException: com.atlassian.bamboo.plugins.git.GitCommandException: command [/usr/bin/git, ls-remote, https://git.user:***@my-git/git/repo.git] failed with code 128. Working directory was [.]., stderr:
[error: SSL: certificate subject name (my-git.hostname.com) does not match target host name 'my-git' while accessing https://git.user:***@my-git/git/repo.git/info/refs, , fatal: HTTP request failed]
at com.atlassian.bamboo.executor.RetryingTaskExecutor.rerun(RetryingTaskExecutor.java:119)
at com.atlassian.bamboo.executor.RetryingTaskExecutor.runTask(RetryingTaskExecutor.java:79)
at com.atlassian.bamboo.executor.RetryingTaskExecutor.retry(RetryingTaskExecutor.java:174)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectionChangesWithRetry(DefaultChangeDetectionManager.java:389)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesAfterQuietPeriod(DefaultChangeDetectionManager.java:344)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesSinceLastBuild(DefaultChangeDetectionManager.java:250)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesSinceRevisions(DefaultChangeDetectionManager.java:218)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesSinceRevisions(DefaultChangeDetectionManager.java:136)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesSinceLastBuildIfTriggered(DefaultChangeDetectionManager.java:113)
...
Caused by: com.atlassian.bamboo.plugins.git.GitCommandException: command [/usr/bin/git, ls-remote, https://git.user:***@my-git/git/repo.git] failed with code 128. Working directory was [.]., stderr:
[error: SSL: certificate subject name (my-git.hostname.com) does not match target host name 'my-git' while accessing https://git.user:***@my-git/git/repo.git/info/refs, , fatal: HTTP request failed]
at com.atlassian.bamboo.plugins.git.GitCommandProcessor.runCommand(GitCommandProcessor.java:357)
at com.atlassian.bamboo.plugins.git.GitCommandProcessor.getRemoteRefs(GitCommandProcessor.java:282)
at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.resolveBranch(NativeGitOperationHelper.java:438)
at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.obtainLatestRevision(NativeGitOperationHelper.java:514)
at com.atlassian.bamboo.plugins.git.GitRepository.collectChangesSinceLastBuild(GitRepository.java:209)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager$1.call(DefaultChangeDetectionManager.java:393)
at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager$1.call(DefaultChangeDetectionManager.java:390)
at com.atlassian.bamboo.executor.RetryingTaskExecutor.rerun(RetryingTaskExecutor.java:100)
... 47 more
Caused by: com.atlassian.utils.process.ProcessException: Non-zero exit code: 128
at com.atlassian.utils.process.PluggableProcessHandler.complete(PluggableProcessHandler.java:83)
at com.atlassian.utils.process.ExternalProcess.finish(ExternalProcess.java:376)
at com.atlassian.utils.process.ExternalProcess.execute(ExternalProcess.java:419)
at com.atlassian.bamboo.plugins.git.GitCommandProcessor.runCommand(GitCommandProcessor.java:351)
... 54 moreCause
The hostname Bamboo is configured to connect to for this particular Git repository does not match the hostname or any subject alternate names on the certificate presented by the Git server.
Solution
Ensure that the hostname you have configured for Bamboo to connect to the Git server matches the hostname or subject alternate names on the certificate.
Workaround
The below workaround involves disabling SSL certificate verification for Git. As certificate verification is a core part of the TLS protocol, disabling it has security implications which you should assess before applying any changes to your environment.
Git's SSL certificate verification can be disabled to workaround the problem with the http.sslVerify property:
For example, if you wanted to disable it globally:
Run the following command for the user that runs Bamboo server (if the same error gets logged for remote agents, run the command for remote agents too):
git config --global http.sslVerify false