Posted to issues@maven.apache.org by "Paul Benedict (JIRA)" <ji...@codehaus.org> on 2014/07/02 15:45:17 UTC

[jira] (MNG-4499) Security management: Ease interaction with SSL sites

     [ https://jira.codehaus.org/browse/MNG-4499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Benedict updated MNG-4499:
-------------------------------

    Fix Version/s:     (was: Issues to be reviewed for 3.x)

> Security management: Ease interaction with SSL sites 
> -----------------------------------------------------
>
>                 Key: MNG-4499
>                 URL: https://jira.codehaus.org/browse/MNG-4499
>             Project: Maven
>          Issue Type: Improvement
>          Components: Artifacts and Repositories, Command Line, Deployment
>    Affects Versions: Issues to be reviewed for 3.x
>            Reporter: Marc Schöchlin
>            Priority: Critical
>
> Development environments often use SSL certificates which are self-signed or signed by company-internal
> certification authorities.
> If the certificate is unknown, Maven outputs the following message:
> ---
> [INFO] Scanning for projects...
> [INFO] snapshot de.foo.bar:bar-parent:0.0.1-SNAPSHOT: checking for updates from snapshots
> [WARNING] repository metadata for: 'snapshot de.foo.bar:bar-parent:0.0.1-SNAPSHOT' could not be retrieved from repository: snapshots due to an error: Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> [INFO] Repository 'snapshots' will be blacklisted
> ---
> This is disastrous from a usability point of view :-)
> Procedures like this are not very convenient for developers:
> ---
> $JAVA_HOME/bin/keytool -import -alias UserTrustExternalCARoot -file UserTrustExternalCARoot.crt -keystore $JAVA_HOME/jre/lib/security/jssecacerts
> export MAVEN_OPTS="-Djavax.net.ssl.keyStore=$HOME/.keystore \
>     -Djavax.net.ssl.keyStorePassword=changeit \
>     -Djavax.net.ssl.trustStore=$HOME/.keystore \
>     -Djavax.net.ssl.trustStorePassword=changeit"
> mvn -Dusername=foo deploy
> ---
> Maven should provide a convenient way to accept an unknown certificate.
> In my opinion this should be implemented like this:
> - If the exception is raised, Maven should output a message that the certificate can be downloaded
>   and integrated in the keystore in an automated way by invoking the new Maven option
>   "-dc <hostname> ..<hostname>|--download-certificate <hostname> <hostname>"
> - If this option is invoked, Maven automatically downloads the certificate/CA for the specified
>   domain and adds it to a keystore located in $HOME/.m2/keystores/<domain> and executes the specified goal
>   with this keystore
> - If Maven is called without the new option, Maven uses the keystores in $HOME/.m2/keystores/<domain>
>   before giving up on certificate problems
>   



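The per-host keystore flow proposed in the issue, sketched with one added safeguard: a downloaded certificate is imported only when its SHA-256 fingerprint matches a pin obtained out of band. This is an added example, not Maven code and not part of the original message; the function names, the pin argument and the host repo.example.test are assumptions.

```shell
#!/bin/sh
# Added example, not Maven code. KEYSTORE_DIR follows the proposed
# $HOME/.m2/keystores/<domain> layout; function names are assumptions.
KEYSTORE_DIR="${KEYSTORE_DIR:-$HOME/.m2/keystores}"

# Save the leaf certificate a server presents (needs network and openssl).
fetch_cert() {  # usage: fetch_cert <host> <port> <out.pem>
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# SHA-256 of the DER bytes of the first certificate in a PEM file, as
# lowercase hex without colons.
cert_fingerprint() {  # usage: cert_fingerprint <cert.pem>
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | sed '/-----END CERTIFICATE-----/q' \
        | grep -v -- '-----' | base64 -d | sha256sum | cut -d' ' -f1
}

# Import into the per-host store only when the fingerprint equals a pin
# obtained out of band; colons and upper case in the pin are accepted.
trust_cert() {  # usage: trust_cert <host> <cert.pem> <sha256-pin> <storepass>
    host=$1 pem=$2 storepass=$4
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    want=$(printf '%s' "$3" | tr -d ':' | tr 'A-F' 'a-f')
    got=$(cert_fingerprint "$pem")
    if [ "$got" != "$want" ]; then
        echo "refusing $host: fingerprint $got does not match the pin" >&2
        return 1
    fi
    mkdir -p "$KEYSTORE_DIR"
    keytool -importcert -noprompt -alias "$host" -file "$pem" \
        -keystore "$KEYSTORE_DIR/$host" -storepass "$storepass"
}

# Example run (constructed host name and placeholder pin):
#   fetch_cert repo.example.test 443 /tmp/repo.pem
#   trust_cert repo.example.test /tmp/repo.pem "<pin from the repository admin>" changeit
#   MAVEN_OPTS="-Djavax.net.ssl.trustStore=$KEYSTORE_DIR/repo.example.test \
#       -Djavax.net.ssl.trustStorePassword=changeit" mvn deploy
```

Setting `javax.net.ssl.trustStore` replaces the JDK's default trust store for that JVM, so hosts signed by public CAs will fail validation unless their CA certificates are in the same store.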