Is there any way to ignore ssl verification with the stash web post hooks plugin

Adam Crews July 23, 2014

The target of my webhook post is using ssl with a self signed certificate. Is there anyway to tell the plugin to ignore ssl certificate errors?

1 answer

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

2 votes
Answer accepted
TimP
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 23, 2014

Hi Adam,

Ignoring SSL is probably not the way to go, as it would you vulnerable to a MITM attack. Instead, you should add the self-signed certificate to your Stash JVM's keystore. There's some instructions for using the JVM keytool in this JIRA documentation:

https://confluence.atlassian.com/display/JIRA043/Running+JIRA+over+SSL+or+HTTPS#RunningJIRAoverSSLorHTTPS-ImportCertificateIntoTheTruststore

cheers,

Tim

Adam Crews July 23, 2014

Thanks for the pointer to the keystore info. However in my case, I would like to post to a place that may be rebuilt at anytime, thus may have new certificates at anytime. I'm posting to a development puppet master server to initiate code pulls. Preventing man-in-the-middle is not important for this situation.

I agree that certificate checking should be the default, but it would also be handy to override this default in cases like mine.

TimP
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 23, 2014

Fair enough. Another option would be to fork the simple Stash Webhook Plugin and write some custom code to override java's default SSL handling. I don't know of a way to configure Stash to do it without writing some java code.

Adam Crews July 23, 2014

Ahh!! Perfect, I was looking for the source, but didnt find it until you shared the link. Thanks, I will definately fork it and add the option.

Adam Crews September 23, 2014

I ended up using the External hooks plugin (https://marketplace.atlassian.com/plugins/com.ngs.stash.externalhooks.external-hooks) to accomplish my task. To make it work for my intended use, there is also a helper script (https://github.com/acidprime/r10k/blob/master/files/stash_mco.rb).

TAGS
AUG Leaders

Atlassian Community Events