Application link between Bamboo and Bitbucket broke with "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" network error after Bitbucket upgrade
Platform Notice: Server, Data Center, and Cloud By Request - This article was written for the Atlassian server and data center platforms but may also be useful for Atlassian Cloud customers. If completing instructions in this article would help you, please contact Atlassian Support and mention it.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
The application link between Bamboo and Bitbucket broke with the SSL authentication issue after Bitbucket upgraded to 8.9.9 with Java 17. Below errors can be seen in the <Bamboo-Home>/atlassian-bamboo.log file:
2024-01-23 05:23:19,145 INFO [AtlassianEvent::0-BAM::EVENTS:pool-1-thread-54] [FeatureManagerStartupListener] * Application Link. Id:'2391f07f-b84a-3386-b248-fa1fe4b9bfac', Name: 'Bitbucket', Url:'https://bitbucket-test.com, Type: 'applinks.bitbucket.v4'
2024-01-23 05:23:22,802 WARN [atlassian-scheduler-quartz2.local_Worker-2] [DefaultApplinkStatusService] Unrecognized error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:23:29,824 INFO [scheduler_Worker-5] [RemoteConnectionTester] Exception requesting status for remote host Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:24:50,490 ERROR [https-jsse-nio-8443-exec-36] [OAuthApplinksServlet] An error occurred when performing the oauth 'dance' for application link 'Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash'
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:26:22,992 WARN [https-jsse-nio-8443-exec-63] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:26:44,211 WARN [https-jsse-nio-8443-exec-101] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'環境
- Bamboo on 9.3.1 with Java 11.0.1 or below.
- Bitbucket on the 8+ version with Java 17.
診断
The following symptoms are observed:
- Bamboo server matched the "Environment" details above.
- There is no mismatch in SSL certificates and SSL certificates match with the correct hostname of the Bitbucket used in the Application link Bitbucket URL.
- A network error is seen on the Bamboo UI application link created between Bamboo and Bitbucket from the Bamboo Overview > Application Links > Click on the edit option.
- Below logs seen in atlassian-bamboo.log:
2024-01-23 05:23:19,145 INFO [AtlassianEvent::0-BAM::EVENTS:pool-1-thread-54] [FeatureManagerStartupListener] * Application Link. Id:'2391f07f-b84a-3386-b248-fa1fe4b9bfac', Name: 'Bitbucket', Url:'https://bitbucket-test.com, Type: 'applinks.bitbucket.v4'
2024-01-23 05:23:22,802 WARN [atlassian-scheduler-quartz2.local_Worker-2] [DefaultApplinkStatusService] Unrecognized error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:23:29,824 INFO [scheduler_Worker-5] [RemoteConnectionTester] Exception requesting status for remote host Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:24:50,490 ERROR [https-jsse-nio-8443-exec-36] [OAuthApplinksServlet] An error occurred when performing the oauth 'dance' for application link 'Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash'
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:26:22,992 WARN [https-jsse-nio-8443-exec-63] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:26:44,211 WARN [https-jsse-nio-8443-exec-101] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'原因
There is a bug in Java 11 below 11.0.3 where resumed TLS 1.3 sessions do not preserve the peer certificate chain that is held in the initially created SSLSession object. When Jira reaches out to Crowd to validate the user's authenticatedness, it does so over a SSL/TLS connection. If this TLS connection is at level TLS 1.3, this bug can be encountered where the SSL connection fails, thereby failing the connection to Crowd.
For more details, please refer to OpenJDK bug: JDK-8212885
ソリューション
Solution 1:
Upgrade Java on Bamboo server to JDK 11.0.3 or higher, any of the fixed versions mentioned on this OpenJDK bug: JDK-8212885.
Please refer to How to upgrade the Java version used by Bamboo.
Solution 2:
Add the below JVM parameter on Bamboo server <Bamboo-Install>/bin/setenv.sh. Please refer to configuring your system properties.
-Djdk.tls.client.protocols=TLSv1.2- Restart Bamboo so the changes are reflected.
- Please make sure that the above property has been picked up by Bamboo by going to Bamboo Administration > Overview > System information and looking for it in the Environment variables section → JAVA_OPTS.
- Create an Application link from Bamboo Overview > Application Links for Bamboo and Bitbucket.