maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cservenak, Tamas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WAGON-452) Missing exception handling when maven.wagon.http.ssl.ignore.validity.dates flag is set to 'true'
Date Fri, 14 Oct 2016 10:35:21 GMT

    [ https://issues.apache.org/jira/browse/WAGON-452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15574927#comment-15574927
] 

Cservenak, Tamas commented on WAGON-452:
----------------------------------------

Same here, or at least something similar, the "ignore validity dates" did not work for me
with HTTPS server having {{NotAfter}} expired.

Though **I did set both properties, as ignore validity dates requires ssl insecure too** to
work: used on cmd line:
{{-Dmaven.wagon.http.ssl.insecure=true -D maven.wagon.http.ssl.ignore.validity.dates=true}}

Build failed and this is exception I got:
{noformat}
[INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.6:deploy
(default-deploy) on project additions: Failed to deploy artifacts: Could not transfer artifact
io.takari.nexus:additions:pom:1.6.1 from/to takari.releases (https://otto.takari.io/service/local/staging/deploy/maven2):
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed: NotAfter: Fri Oct 14 01:59:59 CEST 2016 -> [Help 1]
[INFO] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.6:deploy
(default-deploy) on project additions: Failed to deploy artifacts: Could not transfer artifact
io.takari.nexus:additions:pom:1.6.1 from/to takari.releases (https://otto.takari.io/service/local/staging/deploy/maven2):
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed
[INFO] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
[INFO] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
[INFO] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
[INFO] 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
[INFO] 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
[INFO] 	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
[INFO] 	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
[INFO] 	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
[INFO] 	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
[INFO] 	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
[INFO] 	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
[INFO] 	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
[INFO] 	at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
[INFO] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[INFO] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[INFO] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[INFO] 	at java.lang.reflect.Method.invoke(Method.java:498)
[INFO] 	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
[INFO] 	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
[INFO] 	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
[INFO] 	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
[INFO] Caused by: org.apache.maven.plugin.MojoExecutionException: Failed to deploy artifacts:
Could not transfer artifact io.takari.nexus:additions:pom:1.6.1 from/to takari.releases (https://otto.takari.io/service/local/staging/deploy/maven2):
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed
[INFO] 	at org.apache.maven.plugin.deploy.DeployMojo.execute(DeployMojo.java:192)
[INFO] 	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
[INFO] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
[INFO] 	... 20 more
[INFO] Caused by: org.apache.maven.artifact.deployer.ArtifactDeploymentException: Failed to
deploy artifacts: Could not transfer artifact io.takari.nexus:additions:pom:1.6.1 from/to
takari.releases (https://otto.takari.io/service/local/staging/deploy/maven2): sun.security.validator.ValidatorException:
PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check
failed
[INFO] 	at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:143)
[INFO] 	at org.apache.maven.plugin.deploy.DeployMojo.execute(DeployMojo.java:148)
[INFO] 	... 22 more
[INFO] Caused by: org.eclipse.aether.deployment.DeploymentException: Failed to deploy artifacts:
Could not transfer artifact io.takari.nexus:additions:pom:1.6.1 from/to takari.releases (https://otto.takari.io/service/local/staging/deploy/maven2):
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed
[INFO] 	at org.eclipse.aether.internal.impl.DefaultDeployer.deploy(DefaultDeployer.java:317)
[INFO] 	at org.eclipse.aether.internal.impl.DefaultDeployer.deploy(DefaultDeployer.java:245)
[INFO] 	at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy(DefaultRepositorySystem.java:413)
[INFO] 	at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:139)
[INFO] 	... 23 more
[INFO] Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer
artifact io.takari.nexus:additions:pom:1.6.1 from/to takari.releases (https://otto.takari.io/service/local/staging/deploy/maven2):
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed
[INFO] 	at org.eclipse.aether.connector.basic.ArtifactTransportListener.transferFailed(ArtifactTransportListener.java:43)
[INFO] 	at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:355)
[INFO] 	at org.eclipse.aether.connector.basic.BasicRepositoryConnector.put(BasicRepositoryConnector.java:274)
[INFO] 	at org.eclipse.aether.internal.impl.DefaultDeployer.deploy(DefaultDeployer.java:311)
[INFO] 	... 26 more
[INFO] Caused by: org.apache.maven.wagon.TransferFailedException: sun.security.validator.ValidatorException:
PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check
failed
[INFO] 	at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.put(AbstractHttpClientWagon.java:646)
[INFO] 	at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.put(AbstractHttpClientWagon.java:541)
[INFO] 	at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.put(AbstractHttpClientWagon.java:523)
[INFO] 	at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.put(AbstractHttpClientWagon.java:517)
[INFO] 	at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.put(AbstractHttpClientWagon.java:497)
[INFO] 	at org.eclipse.aether.transport.wagon.WagonTransporter$PutTaskRunner.run(WagonTransporter.java:644)
[INFO] 	at org.eclipse.aether.transport.wagon.WagonTransporter.execute(WagonTransporter.java:427)
[INFO] 	at org.eclipse.aether.transport.wagon.WagonTransporter.put(WagonTransporter.java:410)
[INFO] 	at org.eclipse.aether.connector.basic.BasicRepositoryConnector$PutTaskRunner.runTask(BasicRepositoryConnector.java:510)
[INFO] 	at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:350)
[INFO] 	... 28 more
[INFO] Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check
failed
[INFO] 	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[INFO] 	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
[INFO] 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[INFO] 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[INFO] 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
[INFO] 	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
[INFO] 	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
[INFO] 	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
[INFO] 	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
[INFO] 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[INFO] 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
[INFO] 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RetryExec.execute(RetryExec.java:86)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
[INFO] 	at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.execute(AbstractHttpClientWagon.java:832)
[INFO] 	at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.put(AbstractHttpClientWagon.java:592)
[INFO] 	... 37 more
[INFO] Caused by: sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: timestamp check failed
[INFO] 	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352)
[INFO] 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249)
[INFO] 	at sun.security.validator.Validator.validate(Validator.java:260)
[INFO] 	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[INFO] 	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[INFO] 	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
[INFO] 	at org.apache.maven.wagon.providers.http.httpclient.conn.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:190)
[INFO] 	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922)
[INFO] 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
[INFO] 	... 57 more
[INFO] Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
[INFO] 	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
[INFO] 	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
[INFO] 	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
[INFO] 	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
[INFO] 	at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
[INFO] 	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347)
[INFO] 	... 65 more
[INFO] Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Oct 14 01:59:59
CEST 2016
[INFO] 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
[INFO] 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
[INFO] 	at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:190)
[INFO] 	at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
[INFO] 	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
[INFO] 	... 70 more
[INFO] [ERROR] 
[INFO] [ERROR]
{noformat}

> Missing exception handling when maven.wagon.http.ssl.ignore.validity.dates flag is set
to 'true'
> ------------------------------------------------------------------------------------------------
>
>                 Key: WAGON-452
>                 URL: https://issues.apache.org/jira/browse/WAGON-452
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-http
>    Affects Versions: 2.10
>            Reporter: VĂ­tor Teixeira
>              Labels: easyfix, maven, security
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> On org.apache.maven.wagon.providers.http.RelaxedTrustStrategy exception handling is missing.
> With maven.wagon.http.ssl.ignore.validity.dates=true the following exception is thrown:
> sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed: NotAfter: Tue Dec 29 23:59:59 GMT 2015 -> [Help 1]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message