maven-users mailing list archives

From Adrian Herscu <bmf1...@fastmail.fm>
Subject Re: [m2] SSL certificate name does not match
Date Tue, 16 Oct 2007 10:25:34 GMT
Perhaps sometime, someone will want to add a switch that turns off host 
name verification. This seems to be supported in the HttpClient 4.0 API.
Any comments?

Adrian Herscu wrote:
> Hi David,
> 
> Thanks for your reply.
> I checked that blog; however the solution described there seems to
> belong to another problem:
> 
> <snip>
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
> find valid certification path to requested target
> [This happens] when trying to open an SSL connection to a host using 
> JSSE. What this usually means is that the server is using a test 
> certificate (possibly generated using keytool) rather than a certificate 
> from a well known commercial Certification Authority such as Verisign or 
> GoDaddy. Web browsers display warning dialogs in this case, but since 
> JSSE cannot assume an interactive user is present it just throws an 
> exception by default.
> </snip>
> 
> Because I am somewhat desperate, I have tested that program. It seems to 
> do what the standard keytool does... I copied the generated jssecacert 
> file into my ${jre.home}/lib/security directory and hoped for the 
> best... But it didn't happen :-( I checked that the file was read using 
> a file monitor, and it was read.
> 
> It seems that the solution could only be provided by applications
> (http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#ciphersuitechoice).
> 
> In this case, Maven should provide the option to override the default 
> host name checking algorithm with a do-nothing one.
> 
> Adrian.
> 
> David Williams wrote:
>> Sorry it was late when I replied. = )  Here's the link
>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find
>>
>> On 10/11/07, Adrian Herscu <bmf1972@fastmail.fm> wrote:
>>> Yeah... Where is the link :-)?
>>>
>>> I tried to play with the keytool program. I have imported the SSL
>>> certificate into my key store; this creates a file named .keystore in
>>> C:\Documents and Settings\me. I tried to run Maven and DAVExplorer;
>>> their behavior did not change :-(
>>>
>>> Now the weird things:
>>>
>>> 1. I have monitored the file access to the .keystore file. When I am
>>> running keytool -list the .keystore file is accessed (seems like my file
>>> monitoring program works). When I am running Maven or DAVExplorer, the
>>> .keystore file is not accessed at all!
>>> 2. Maven is able to upload files to my WebDAV server! If I am building
>>> all my modules locally, then I can run mvn deploy and the files are
>>> uploaded!!!
>>>
>>> Adrian.
>>>
>>> Tim Kettler wrote:
>>>> Where's the link :-)?
>>>>
>>>> David Williams wrote:
>>>>> Adrian,
>>>>>
>>>>> This link may help you.  This Java program allows you to manually accept
>>>>> the cert and place the generated file in your JDK or JRE.  Then Java
>>>>> keeps it as an accepted cert.  I have not tried this with Maven but it
>>>>> worked with another application where the cert didn't match the server
>>>>> name.  The downside is that it would have to be on every user's machine.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> David
>>>>>
>>>>> On 10/10/07, Adrian Herscu <bmf1972@fastmail.fm> wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I am hosting my project sources and binaries with some external
>>>>>> provider. He cannot set up an SSL certificate for my domain name...
>>>>>> Meanwhile, the only alternative is to accept those SSL warnings about
>>>>>> domain name mismatch. I am getting them in my browser and also in my SVN
>>>>>> client.
>>>>>> Now I am trying to set up Maven to build and deploy my project to this
>>>>>> provider. The problem is that I am getting these messages from Maven:
>>>>>>
>>>>>> <snip>
>>>>>> [WARNING] repository metadata for: 'snapshot org.wirexn.build.extensions:wirexn-build-extensions:1.0-alpha-4-SNAPSHOT' could not be retrieved from repository: snapshots@wirexn.net due to an error: Error transferring file
>>>>>> [INFO] Repository 'snapshots@wirexn.net' will be blacklisted
>>>>>> </snip>
>>>>>>
>>>>>> ...and the artifacts cannot be resolved (of course).
>>>>>>
>>>>>> I tried to see if this is a JRE specific problem. Downloaded a
>>>>>> Java-based WebDAV client (DAVExplorer), and it fails to connect with
>>>>>> this error message:
>>>>>>
>>>>>> javax.net.ssl.SSLException: Name in certificate "his.domain.name" does not match host name " my.domain.name"
>>>>>>
>>>>>> Does anyone know about a hidden switch/option/configuration file to make the
>>>>>> JRE accept the SSL connection even if the host name doesn't match
>>>>>> that on the certificate?
>>>>>>
>>>>>> Please help,
>>>>>> Adrian.
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>>>>>> For additional commands, e-mail: users-help@maven.apache.org
>>>>>>
>>>>>>
>>
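
An added example, not part of the original thread and not Maven or HttpClient code: for plain JSSE `HttpsURLConnection`, a `HostnameVerifier` that accepts only the single mismatch described in the thread instead of a do-nothing verifier. The class name `PinnedAliasVerifier` and its parameters are hypothetical, and the host names are the placeholders from the quoted error message.

```java
import java.security.cert.*;
import java.util.*;
import javax.naming.ldap.*;
import javax.net.ssl.*;

// Hypothetical class: allows ONE known host/certificate-name mismatch, nothing else.
public class PinnedAliasVerifier implements HostnameVerifier {
    private final String aliasHost; // host name we connect to
    private final String certName;  // name the provider's certificate carries
    public PinnedAliasVerifier(String aliasHost, String certName) {
        this.aliasHost = aliasHost;
        this.certName = certName;
    }
    // Pure decision, usable without a TLS session: exact names only, no wildcards.
    boolean allows(String requestedHost, Collection<String> namesInCert) {
        if (!aliasHost.equalsIgnoreCase(requestedHost)) return false;
        for (String n : namesInCert)
            if (certName.equalsIgnoreCase(n)) return true;
        return false;
    }
    // HttpsURLConnection calls this only after its default name check has failed.
    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            Certificate leaf = session.getPeerCertificates()[0];
            return leaf instanceof X509Certificate && allows(hostname, names((X509Certificate) leaf));
        } catch (Exception e) { // unverified peer or unparsable certificate: reject
            return false;
        }
    }
    // dNSName SAN entries (type 2); falls back to the subject CN when there are none.
    static List<String> names(X509Certificate cert) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null)
            for (List<?> san : sans)
                if ((Integer) san.get(0) == 2) out.add((String) san.get(1));
        if (out.isEmpty())
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
                if ("CN".equalsIgnoreCase(rdn.getType())) out.add(rdn.getValue().toString());
        return out;
    }
    public static void main(String[] args) {
        PinnedAliasVerifier v = new PinnedAliasVerifier("my.domain.name", "his.domain.name");
        // Constructed inputs using the placeholder names from the thread's error message.
        System.out.println(v.allows("my.domain.name", Arrays.asList("his.domain.name"))); // pinned pair
        System.out.println(v.allows("my.domain.name", Arrays.asList("other.example")));   // other certificate
        System.out.println(v.allows("other.example", Arrays.asList("his.domain.name")));  // other host
    }
}
```

With `HttpsURLConnection` the verifier is installed per connection through `setHostnameVerifier`. The certificate chain must still validate against the trust store, because this only replaces the name check.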

