You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@netbeans.apache.org by "Benjamin Asbach (Jira)" <ji...@apache.org> on 2021/09/28 20:55:00 UTC
[jira] [Commented] (NETBEANS-5956) Wildcard certificate of
*.apache.org not accepted by IDE TrustManager for use in pom.xml
[ https://issues.apache.org/jira/browse/NETBEANS-5956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17421786#comment-17421786 ]
Benjamin Asbach commented on NETBEANS-5956:
-------------------------------------------
Still a problem in 12.5.
> Wildcard certificate of *.apache.org not accepted by IDE TrustManager for use in pom.xml
> ----------------------------------------------------------------------------------------
>
> Key: NETBEANS-5956
> URL: https://issues.apache.org/jira/browse/NETBEANS-5956
> Project: NetBeans
> Issue Type: Bug
> Components: editor - Completion & Templates
> Affects Versions: 12.4, 12.5
> Reporter: Ronny Perinke
> Priority: Major
> Fix For: 12.5
>
> Attachments: image-2021-08-27-20-52-46-248.png
>
>
> If you have a Maven project and open a pom.xml with xsi:schemalocation set, you will get an error from the IDE that the certificate of "*.apache.org" could not be verified. This seems to be an issue with the new wildcard cert. The certificate is accepted by the JRE trust-store as a quick check with jshell reveals.
> !image-2021-08-27-20-52-46-248.png!
> If you do not accept the certificate and the two from certificate chain, you lose auto-completion and schema validation for the pom.
> messages.log says
> {code:title=messages.log}
> INFO [org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl]: The certificate is not trusted by IDE TrustManager
> java.security.cert.CertificateException: The certificate is not trusted by IDE TrustManager
> at org.netbeans.modules.xml.retriever.impl.SecureURLResourceRetriever$1.checkServerTrusted(SecureURLResourceRetriever.java:114)
> at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1442)
> at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
> Caused: javax.net.ssl.SSLHandshakeException: The certificate is not trusted by IDE TrustManager
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
> at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369)
> at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
> at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
> at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
> at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
> at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
> at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
> at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
> at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
> at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
> at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
> at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416)
> at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:451)
> at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:422)
> at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:574)
> at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
> at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142)
> at org.netbeans.modules.xml.retriever.impl.URLResourceRetriever.getInputStreamOfURL(URLResourceRetriever.java:144)
> at org.netbeans.modules.xml.retriever.impl.SecureURLResourceRetriever.retrieveDocument(SecureURLResourceRetriever.java:74)
> [catch] at org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl.getModelSource(CatalogModelImpl.java:263)
> at org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl.doGetModelSource(CatalogModelImpl.java:244)
> at org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl.getModelSource(CatalogModelImpl.java:167)
> at org.netbeans.modules.xml.schema.completion.util.DefaultModelProvider.getCompletionModel(DefaultModelProvider.java:102)
> at org.netbeans.modules.xml.schema.completion.util.DefaultModelProvider.getModels(DefaultModelProvider.java:62)
> at org.netbeans.modules.xml.schema.completion.util.CompletionContextImpl.initModels(CompletionContextImpl.java:938)
> at org.netbeans.modules.xml.schema.completion.CompletionQuery.getCompletionItems(CompletionQuery.java:343)
> at org.netbeans.modules.xml.schema.completion.CompletionQuery$ModelTask.run(CompletionQuery.java:310)
> at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:1418)
> at org.netbeans.modules.openide.util.GlobalLookup.execute(GlobalLookup.java:45)
> at org.openide.util.lookup.Lookups.executeWith(Lookups.java:278)
> at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:2033)
> {code}
> {code:title=check with jshell}
> jshell> HttpClient.newHttpClient().sendAsync(HttpRequest.newBuilder().uri(URI.create("https://maven.apache.org/xsd/maven-4.0.0.xsd")).build(), HttpResponse.BodyHandlers.ofString()).thenApply(HttpResponse::body).thenAccept(System.out::println).join();
> <?xml version="1.0"?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one
> or more contributor license agreements. See the NOTICE file
> distributed with this work for additional information
> regarding copyright ownership. The ASF licenses this file
> to you under the Apache License, Version 2.0 (the
> "License"); you may not use this file except in compliance
> with the License. You may obtain a copy of the License at
> http://www.apache.org/licenses/LICENSE-2.0
> Unless required by applicable law or agreed to in writing,
> software distributed under the License is distributed on an
> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> KIND, either express or implied. See the License for the
> specific language governing permissions and limitations
> under the License.
> -->
> {code}
> Java -version
> openjdk version "16.0.2" 2021-07-20
> OpenJDK Runtime Environment Temurin-16.0.2+7 (build 16.0.2+7)
> OpenJDK 64-Bit Server VM Temurin-16.0.2+7 (build 16.0.2+7, mixed mode, sharing)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists