maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Herscu <bmf1...@fastmail.fm>
Subject Re: [m2] SSL certificate name does not match
Date Sat, 13 Oct 2007 11:50:15 GMT
Hi David,

Thanks for your reply.
I checked that blog; however the solution described there seems to 
belong to other problem:

<snip>
javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
[This happens] when trying to open an SSL connection to a host using 
JSSE. What this usually means is that the server is using a test 
certificate (possibly generated using keytool) rather than a certificate 
from a well known commercial Certification Authority such as Verisign or 
GoDaddy. Web browsers display warning dialogs in this case, but since 
JSSE cannot assume an interactive user is present it just throws an 
exception by default.
</snip>

Because I am somewhat desperate, I have tested that program. It seems to 
do what the standard keytool does... I copied the generated jssecacert 
file into my ${jre.home}/lib/security directory and hoped for the 
best... But it didn't happen :-( I checked that the file was read using 
a file monitor, and it was read.

It seems that the solution could only be provided by applications (
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#ciphersuitechoice).
In this case, Maven should provide the option to override the default 
host name checking algorithm with a do-nothing one.

Adrian.

David Williams wrote:
> Sorry it was late when I replied. = )  Here's the link
> http://blogs.sun.com/andreas/entry/no_more_unable_to_find
> 
> On 10/11/07, Adrian Herscu <bmf1972@fastmail.fm> wrote:
>> Yeah... Where is the link :-)?
>>
>> I tried to play with the keytool program. I have imported the SSL
>> certificate into my key store; this creates a file named .keystore in
>> C:\Documents and Settings\me. I tried to run Maven and DAVExplorer;
>> their behavior did not change :-(
>>
>> Now the weird things:
>>
>> 1. I have monitored the file access to the .keystore file. When I am
>> running keytool -list the .keystore file is accessed (seems like my file
>> monitoring program works). When I am running Maven or DAVExplorer, the
>> .keystore file is not accessed at all!
>> 2. Maven is able to upload files to my WebDAV server! If I am building
>> all my modules locally, then I can run mvn deploy and the files are
>> uploaded!!!
>>
>> Adrian.
>>
>> Tim Kettler wrote:
>>> Where's the link :-)?
>>>
>>> David Williams schrieb:
>>>> Adrian,
>>>>
>>>> This link may help you.  This java program allows you to manually
>>>> accept the
>>>> cert and place the generated file in your JDK or JRE.  Then the java
>>>> keeps
>>>> it as an accept cert.  I have not tried this with Maven but it worked
>>>> with
>>>> another application where the cert didn't match the server name.  Down
>>>> side
>>>> is that it would have to be on every user's machine.
>>>>
>>>> Thanks,
>>>>
>>>> David
>>>>
>>>> On 10/10/07, Adrian Herscu <bmf1972@fastmail.fm> wrote:
>>>>> Hi all,
>>>>>
>>>>> I am hosting my project sources and binaries with some external
>>>>> provider. He cannot set up an SSL certificate for my domain name...
>>>>> Meanwhile, the only alternative is accept those SSL warnings about
>>>>> domain name mismatch. I am getting them in my browser and also in my
>> SVN
>>>>> client.
>>>>> Now I am trying to set up Maven to build and deploy my project to this
>>>>> provider. The problem is that I am getting these messages from Maven:
>>>>>
>>>>> <snip>
>>>>> [WARNING] repository metadata for: 'snapshot
>>>>> org.wirexn.build.extensions:wirexn-
>>>>> build-extensions:1.0-alpha-4-SNAPSHOT' could not be retrieved from
>>>>> repository: s
>>>>> napshots@wirexn.net due to an error: Error transferring file
>>>>> [INFO] Repository 'snapshots@wirexn.net' will be blacklisted
>>>>> </snip>
>>>>>
>>>>> ...and the artifacts cannot be resolved (of course).
>>>>>
>>>>> I tried to see if this is a JRE specific problem. Downloaded a
>>>>> Java-based WebDAV client (DAVExplorer), and it fails to connect with
>>>>> this error message:
>>>>>
>>>>> javax.net.ssl.SSLException: Name in certificate "his.domain.name" does
>>>>> not match host name " my.domain.name"
>>>>>
>>>>> Anyone knows about a hidden switch/option/configuration file to make
>> the
>>>>> JRE accept the SSL connection even if the host name doesn't match to
>>>>> that on the certificate?
>>>>>
>>>>> Please help,
>>>>> Adrian.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>>>>> For additional commands, e-mail: users-help@maven.apache.org
>>>>>
>>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>> For additional commands, e-mail: users-help@maven.apache.org
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org


Mime
View raw message