[jira] Commented: (MNG-3230) HTTPS with self-signed certificate does not work, no error message.

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] Commented: (MNG-3230) HTTPS with self-signed certificate does not work, no error message.

JIRA jira@codehaus.org

    [ http://jira.codehaus.org/browse/MNG-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_125787 ]

Marcello Teodori commented on MNG-3230:

I can confirm the same behaviour, my current workaround is to use HTTP instead of HTTPS as fortunately I can modify how the repository gets published.
Adding -e or -X I don't get any meaningful error message or warning about the repository being skipped because of an untrusted SSL certificate, just a part of  exception stack trace from the DefaultArtifactResolver which cannot find the dependencies on any repository.
If the problem is about the certifcate and not elsewhere, I think that it could be useful to have some plugin property to give trust to self-signed certs fora a HTTP repository.

> HTTPS with self-signed certificate does not work, no error message.
> -------------------------------------------------------------------
>                 Key: MNG-3230
>                 URL: http://jira.codehaus.org/browse/MNG-3230
>             Project: Maven 2
>          Issue Type: Bug
>          Components: Artifacts and Repositories
>    Affects Versions: 2.0.7
>            Reporter: Andreas Kr├╝ger
>             Fix For: 2.0.x
> We have a repository server that serves the same files both via HTTPS and HTTP.
> Maven is not able to find artifacts when using HTTPS. All goes well when using HTTP.
> The problem probably is that the HTTPS - certificate used by the repository server is self-signed, and Maven has not been configured to accept that certificate as genuine. (This is a guess.)
> Expected behavior: With HTTPS, build does not continue. Maven gives an error message indicating the problem is certificate-related.
> Behavior seen: Maven reacts as if there were no problem connecting the repository, but as if the artifact were missing from the repository. It continues to search other repositories as happen to be configured. (However, the artifact is clearly there, e.g., can be downloaded with "wget  --no-check-certificate " via HTTPS.)

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira