Posted to issues@maven.apache.org by "cstamas (via GitHub)" <gi...@apache.org> on 2023/02/24 13:38:42 UTC

[GitHub] [maven-resolver] cstamas opened a new pull request, #255: [MRESOLVER-328] SSL insecure mode

cstamas opened a new pull request, #255:
URL: https://github.com/apache/maven-resolver/pull/255

   The transport-http now has an "insecure" SSL mode that simply ignores any kind of SSL validation error (trust, certificate dates, hostnames). This mode is NOT MEANT for production, as it is inherently insecure, but may come in handy in small shops using self-signed certificates.
   
   ---
   
   https://issues.apache.org/jira/browse/MRESOLVER-328


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [maven-resolver] michael-o commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "michael-o (via GitHub)" <gi...@apache.org>.
michael-o commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121341642


##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo ID Suffix
 `aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times a request to a remote HTTP server should be retried in case of an error. | `3` | yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of [Cipher Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites) which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may set the "security mode" of HTTPS connector. Any other mode than 'default' is NOT MEANT for production, as it is inherently not secure. Accepted values: "default", "insecure" (ignore any kind of certificate validation errors and hostname validation checks). | `"default"` | yes
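Review bot: the new `aether.connector.https.securityMode` row never says what happens for a value that is neither "default" nor "insecure"; the PR author states further down that everything else throws, and the table should say so, otherwise a typo in a build is read as silently falling back to one of the two modes. "Ignore any kind of certificate validation errors" would also be clearer if it listed what that covers (untrusted or self-signed issuer, expired or not-yet-valid certificate, hostname mismatch), which is exactly the gap the comment on this hunk raises. Minor: "Using this flag resolver may set" reads oddly for a String property; "Sets the security mode of the HTTPS connector" is enough.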

Review Comment:
   This desc does not correspond to the actual code. There are three cases; you have covered only two. You missed covering valid-before and valid-after, meaning a cert that is not yet valid or expired.





[GitHub] [maven-resolver] cstamas commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "cstamas (via GitHub)" <gi...@apache.org>.
cstamas commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121364807


##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo ID Suffix
 `aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times a request to a remote HTTP server should be retried in case of an error. | `3` | yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of [Cipher Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites) which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may set the "security mode" of HTTPS connector. Any other mode than 'default' is NOT MEANT for production, as it is inherently not secure. Accepted values: "default", "insecure" (ignore any kind of certificate validation errors and hostname validation checks). | `"default"` | yes

Review Comment:
   W00t? There are two cases covered in code (everything else throws), and also in doco. What are you talking about exactly?





[GitHub] [maven-resolver] michael-o commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "michael-o (via GitHub)" <gi...@apache.org>.
michael-o commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121393109


##########
maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpServer.java:
##########
@@ -136,9 +136,17 @@ public String getHttpsUrl() {
     }
 
     public HttpServer addSslConnector() {
+        return addSslConnector(true);
+    }
+
+    public HttpServer addSelfSignedSslConnector() {
+        return addSslConnector(false);
+    }
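Review bot: both new one-liners delegate to an `addSslConnector(boolean)` overload that is outside this hunk, so a reader cannot tell what `true`/`false` toggles; the comment on this hunk reads it as client authentication, which has nothing to do with whether the server certificate is self-signed. Name the parameter after what it actually controls, or split it into an enum or two explicit parameters (client auth, self-signed keystore), so that `addSelfSignedSslConnector()` does not switch off client authentication as a side effect.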

Review Comment:
   Where? `addSslConnector()` still passes true.





[GitHub] [maven-resolver] michael-o commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "michael-o (via GitHub)" <gi...@apache.org>.
michael-o commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121368246


##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo ID Suffix
 `aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times a request to a remote HTTP server should be retried in case of an error. | `3` | yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of [Cipher Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites) which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may set the "security mode" of HTTPS connector. Any other mode than 'default' is NOT MEANT for production, as it is inherently not secure. Accepted values: "default", "insecure" (ignore any kind of certificate validation errors and hostname validation checks). | `"default"` | yes

Review Comment:
   see: https://github.com/apache/maven-wagon/blob/aff693c6f90371aab0ae07ffcfb9bce4d3214fd1/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java#L368-L370





[GitHub] [maven-resolver] cstamas commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "cstamas (via GitHub)" <gi...@apache.org>.
cstamas commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121375206


##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo ID Suffix
 `aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times a request to a remote HTTP server should be retried in case of an error. | `3` | yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of [Cipher Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites) which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may set the "security mode" of HTTPS connector. Any other mode than 'default' is NOT MEANT for production, as it is inherently not secure. Accepted values: "default", "insecure" (ignore any kind of certificate validation errors and hostname validation checks). | `"default"` | yes

Review Comment:
   As per @gnodet's request, the "mode" is now a string, so we can improve it, and even have a list like mode="ignore-cert-dates,ignore-hostname-validation", but doing that is off. What the user originally asked for was support for self-signed certs.





[GitHub] [maven-resolver] cstamas merged pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "cstamas (via GitHub)" <gi...@apache.org>.
cstamas merged PR #255:
URL: https://github.com/apache/maven-resolver/pull/255




[GitHub] [maven-resolver] michael-o commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "michael-o (via GitHub)" <gi...@apache.org>.
michael-o commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121339099


##########
maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpServer.java:
##########
@@ -136,9 +136,17 @@ public String getHttpsUrl() {
     }
 
     public HttpServer addSslConnector() {
+        return addSslConnector(true);
+    }
+
+    public HttpServer addSelfSignedSslConnector() {
+        return addSslConnector(false);
+    }

Review Comment:
   This does not make sense. How does client authentication relate to self-signed or not?





[GitHub] [maven-resolver] cstamas commented on pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "cstamas (via GitHub)" <gi...@apache.org>.
cstamas commented on PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#issuecomment-1444126459

   IMHO, having it in the doco is completely enough, as on the reported issue (and "smaller shops"), they may work with self-signed certs, and we would just "punish" them by logging a warning in each of their build logs.




[GitHub] [maven-resolver] gnodet commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "gnodet (via GitHub)" <gi...@apache.org>.
gnodet commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121267926


##########
maven-resolver-api/src/main/java/org/eclipse/aether/ConfigurationProperties.java:
##########
@@ -144,6 +144,22 @@ public final class ConfigurationProperties {
      */
     public static final int DEFAULT_HTTP_RETRY_HANDLER_COUNT = 3;
 
+    /**
+     * The flag that makes HTTPS transport ignore any kind of SSL errors (certificate validity checks,
+     * hostname verification).
+     *
+     * @see #DEFAULT_HTTPS_INSECURE
+     * @since 1.9.6
+     */
+    public static final String HTTPS_INSECURE = PREFIX_CONNECTOR + "https.insecure";
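Review bot: `@see #DEFAULT_HTTPS_INSECURE` points at a constant that is not in this hunk, and the key defined here, `aether.connector.https.insecure`, differs from both the documented `aether.connector.https.securityMode` and the `aether.connector.http.ssl.insecure` string the new test sets; the test and the docs should reference this constant rather than literals so the three cannot drift apart. The Javadoc should also spell out the default (the secure mode) next to the `@see`, since a reader of the API alone has to know that leaving the property unset keeps validation on.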

Review Comment:
   Should we use a string property `https.security` with some values `secured`, `insecured` for now ? This would allow more openness for things like `no-host-verifier,no-certificate-check` ...



##########
maven-resolver-transport-http/src/main/java/org/eclipse/aether/transport/http/GlobalState.java:
##########
@@ -154,18 +157,30 @@ public static HttpClientConnectionManager newConnectionManager(SslConfig sslConf
         if (sslConfig == null) {
             registryBuilder.register("https", SSLConnectionSocketFactory.getSystemSocketFactory());
         } else {
-            SSLSocketFactory sslSocketFactory = (sslConfig.context != null)
-                    ? sslConfig.context.getSocketFactory()
-                    : (SSLSocketFactory) SSLSocketFactory.getDefault();
-
-            HostnameVerifier hostnameVerifier = (sslConfig.verifier != null)
-                    ? sslConfig.verifier
-                    : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
-
-            registryBuilder.register(
-                    "https",
-                    new SSLConnectionSocketFactory(
-                            sslSocketFactory, sslConfig.protocols, sslConfig.cipherSuites, hostnameVerifier));
+            // config present: use provided, if any, or defaults (depending on insecure)
+            try {
+                SSLSocketFactory sslSocketFactory = (sslConfig.context != null)
+                        ? sslConfig.context.getSocketFactory()
+                        : sslConfig.insecure
+                                ? new SSLContextBuilder()
+                                        .loadTrustMaterial(null, (chain, auth) -> true)
+                                        .build()
+                                        .getSocketFactory()
+                                : (SSLSocketFactory) SSLSocketFactory.getDefault();
+
+                HostnameVerifier hostnameVerifier = (sslConfig.verifier != null)
+                        ? sslConfig.verifier
+                        : sslConfig.insecure
+                                ? NoopHostnameVerifier.INSTANCE
+                                : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
+
+                registryBuilder.register(
+                        "https",
+                        new SSLConnectionSocketFactory(
+                                sslSocketFactory, sslConfig.protocols, sslConfig.cipherSuites, hostnameVerifier));
+            } catch (Exception e) {
+                throw new SSLInitializationException("Could not configure 'insecure' SSL", e);
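Review bot: the `try` wraps both branches, yet the message in `catch (Exception e)` blames the 'insecure' configuration, which misleads when the default path is the one failing (the point raised on this hunk); move the `SSLContextBuilder` chain into a small helper that is only called when `sslConfig.insecure` is set, and catch the checked `NoSuchAlgorithmException`, `KeyStoreException` and `KeyManagementException` that `loadTrustMaterial`/`build` declare instead of `Exception`, so a `RuntimeException` from the normal path is no longer rewrapped. Note also the precedence: a caller-supplied `sslConfig.context` or `sslConfig.verifier` still wins over `insecure`, which is the right order but deserves a sentence in the comment, since a user who sets both will not get the relaxed behaviour and will not be told why.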

Review Comment:
   The exception message looks incoherent with the code. We're not configuring _insecure_ ssl specifically in the code block. So I think we should either restrict the `try`/`catch` block to _insecure ssl_ configuration, or change the message.





[GitHub] [maven-resolver] cstamas commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "cstamas (via GitHub)" <gi...@apache.org>.
cstamas commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121373386


##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo ID Suffix
 `aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times a request to a remote HTTP server should be retried in case of an error. | `3` | yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of [Cipher Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites) which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may set the "security mode" of HTTPS connector. Any other mode than 'default' is NOT MEANT for production, as it is inherently not secure. Accepted values: "default", "insecure" (ignore any kind of certificate validation errors and hostname validation checks). | `"default"` | yes

Review Comment:
   Still unsure what you mean: why would maven-resolver-transport-http support the Wagon-specific `maven.wagon.http.ssl.ignore.validity.dates`? For now we offer two "modes": default and insecure (ignores everything). If users come with this request, we will add it, but currently the code does not support this; it is more like "all or nothing".





[GitHub] [maven-resolver] cstamas commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "cstamas (via GitHub)" <gi...@apache.org>.
cstamas commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121403410


##########
maven-resolver-api/src/main/java/org/eclipse/aether/ConfigurationProperties.java:
##########
@@ -144,6 +144,22 @@ public final class ConfigurationProperties {
      */
     public static final int DEFAULT_HTTP_RETRY_HANDLER_COUNT = 3;
 
+    /**
+     * The flag that makes HTTPS transport ignore any kind of SSL errors (certificate validity checks,
+     * hostname verification).
+     *
+     * @see #DEFAULT_HTTPS_INSECURE
+     * @since 1.9.6
+     */
+    public static final String HTTPS_INSECURE = PREFIX_CONNECTOR + "https.insecure";

Review Comment:
   fixed



##########
maven-resolver-transport-http/src/main/java/org/eclipse/aether/transport/http/GlobalState.java:
##########
@@ -154,18 +157,30 @@ public static HttpClientConnectionManager newConnectionManager(SslConfig sslConf
         if (sslConfig == null) {
             registryBuilder.register("https", SSLConnectionSocketFactory.getSystemSocketFactory());
         } else {
-            SSLSocketFactory sslSocketFactory = (sslConfig.context != null)
-                    ? sslConfig.context.getSocketFactory()
-                    : (SSLSocketFactory) SSLSocketFactory.getDefault();
-
-            HostnameVerifier hostnameVerifier = (sslConfig.verifier != null)
-                    ? sslConfig.verifier
-                    : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
-
-            registryBuilder.register(
-                    "https",
-                    new SSLConnectionSocketFactory(
-                            sslSocketFactory, sslConfig.protocols, sslConfig.cipherSuites, hostnameVerifier));
+            // config present: use provided, if any, or defaults (depending on insecure)
+            try {
+                SSLSocketFactory sslSocketFactory = (sslConfig.context != null)
+                        ? sslConfig.context.getSocketFactory()
+                        : sslConfig.insecure
+                                ? new SSLContextBuilder()
+                                        .loadTrustMaterial(null, (chain, auth) -> true)
+                                        .build()
+                                        .getSocketFactory()
+                                : (SSLSocketFactory) SSLSocketFactory.getDefault();
+
+                HostnameVerifier hostnameVerifier = (sslConfig.verifier != null)
+                        ? sslConfig.verifier
+                        : sslConfig.insecure
+                                ? NoopHostnameVerifier.INSTANCE
+                                : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
+
+                registryBuilder.register(
+                        "https",
+                        new SSLConnectionSocketFactory(
+                                sslSocketFactory, sslConfig.protocols, sslConfig.cipherSuites, hostnameVerifier));
+            } catch (Exception e) {
+                throw new SSLInitializationException("Could not configure 'insecure' SSL", e);

Review Comment:
   fixed





[GitHub] [maven-resolver] slawekjaranowski commented on pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "slawekjaranowski (via GitHub)" <gi...@apache.org>.
slawekjaranowski commented on PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#issuecomment-1443968190

   As we know that this mode is NOT MEANT for production, maybe we should add a warning log when it is enabled, to mitigate wrong configuration on the user side.




[GitHub] [maven-resolver] michael-o commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "michael-o (via GitHub)" <gi...@apache.org>.
michael-o commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1122742986


##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo ID Suffix
 `aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times a request to a remote HTTP server should be retried in case of an error. | `3` | yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of [Cipher Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites) which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may set the "security mode" of HTTPS connector. Any other mode than 'default' is NOT MEANT for production, as it is inherently not secure. Accepted values: "default", "insecure" (ignore any kind of certificate validation errors and hostname validation checks). | `"default"` | yes

Review Comment:
   Agreed.





[GitHub] [maven-resolver] michael-o commented on pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "michael-o (via GitHub)" <gi...@apache.org>.
michael-o commented on PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#issuecomment-1449548282

   > IMHO, having it in the doco is completely enough, as on the reported issue (and "smaller shops"), they may work with self-signed certs, and we would just "punish" them by logging a warning in each of their build logs.
   
   Smaller shops can add their certs into their truststores as well. IMHO,
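The two security modes the PR description introduces, next to the truststore route michael-o points at, as an added example that is not maven-resolver code: it builds the same Apache HttpClient `SSLConnectionSocketFactory` the `GlobalState` hunk does, but shows that a self-signed repository certificate can be trusted from a dedicated truststore while chain, validity-date and hostname checks stay on. The class name, the `parse` helper and the truststore path/password are assumptions.

```java
import java.io.File;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.ssl.SSLContextBuilder;

/**
 * Added example (hypothetical class, not part of maven-resolver): what the two values
 * of aether.connector.https.securityMode hand to HttpClient, and how a self-signed
 * server certificate is trusted explicitly WITHOUT turning validation off.
 */
public final class HttpsSecurityModeExample {

    /** Accepted property values; anything else is rejected, as the PR does. */
    enum SecurityMode {
        DEFAULT, INSECURE;

        static SecurityMode parse(String value) {
            if (value == null || value.equals("default")) {
                return DEFAULT;
            }
            if (value.equals("insecure")) {
                return INSECURE;
            }
            throw new IllegalArgumentException(
                    "Unsupported aether.connector.https.securityMode: " + value);
        }
    }

    /**
     * Builds the HTTPS socket factory for the given mode.
     *
     * @param trustStore optional JKS/PKCS12 file holding the self-signed server
     *                   certificate (placeholder path, e.g. one produced with
     *                   keytool -importcert); null means the JVM default trust anchors
     */
    static SSLConnectionSocketFactory socketFactory(
            SecurityMode mode, File trustStore, char[] trustStorePassword) throws Exception {
        SSLContextBuilder builder = new SSLContextBuilder();
        HostnameVerifier verifier;
        if (mode == SecurityMode.INSECURE) {
            // What the PR's GlobalState does: a TrustStrategy that accepts every chain
            // (untrusted issuer, expired, not yet valid) and no hostname check at all.
            builder.loadTrustMaterial(null, (chain, authType) -> true);
            verifier = NoopHostnameVerifier.INSTANCE;
        } else {
            if (trustStore != null) {
                // Self-signed cert trusted explicitly: the chain is still built and
                // validity dates still checked, only the trust anchor set is ours.
                builder.loadTrustMaterial(trustStore, trustStorePassword);
            }
            // With no trust material loaded, SSLContext.init(null, null, ...) falls back
            // to the JSSE default truststore (javax.net.ssl.trustStore or cacerts).
            verifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        }
        SSLContext context = builder.build();
        return new SSLConnectionSocketFactory(context, verifier);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: mode from the system property, truststore path and
        // password from the command line (both placeholders).
        SecurityMode mode = SecurityMode.parse(
                System.getProperty("aether.connector.https.securityMode"));
        File trustStore = args.length > 0 ? new File(args[0]) : null;
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        SSLConnectionSocketFactory factory = socketFactory(mode, trustStore, password);
        System.out.println("HTTPS security mode " + mode + " -> " + factory);
    }
}
```

Run with `-Daether.connector.https.securityMode=default /path/to/truststore.jks changeit` to see the explicit-trust path; the insecure branch needs no truststore because it trusts every chain.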




[GitHub] [maven-resolver] michael-o commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "michael-o (via GitHub)" <gi...@apache.org>.
michael-o commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121339701


##########
maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpTransporterTest.java:
##########
@@ -395,6 +395,27 @@ public void testGet_SSL() throws Exception {
         assertEquals(task.getDataString(), new String(listener.baos.toByteArray(), StandardCharsets.UTF_8));
     }
 
+    @Test
+    public void testGet_SelfSigned_SSL() throws Exception {
+        // client gets all the material removed (and later recreated)
+        System.clearProperty("javax.net.ssl.trustStore");
+        System.clearProperty("javax.net.ssl.trustStorePassword");
+        System.clearProperty("javax.net.ssl.keyStore");
+        System.clearProperty("javax.net.ssl.keyStorePassword");
+        session.setConfigProperty("aether.connector.http.ssl.insecure", true);
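Review bot: the test clears the four global `javax.net.ssl.*` system properties and the comment promises they are "later recreated", but nothing in the hunk saves or restores them, so every test that runs afterwards in the same JVM inherits the cleared trust material; capture the values first and restore them in a `finally` block or an `@After` hook. The key set here, `aether.connector.http.ssl.insecure` with a boolean value, also does not match the `https.insecure` constant this PR adds to `ConfigurationProperties`, so the test may not be exercising the insecure path at all; reference the constant instead of a string literal.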

Review Comment:
   This is really, really ugly..., no?





[GitHub] [maven-resolver] cstamas commented on a diff in pull request #255: [MRESOLVER-328] SSL insecure mode

Posted by "cstamas (via GitHub)" <gi...@apache.org>.
cstamas commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121366391


##########
maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpTransporterTest.java:
##########
@@ -395,6 +395,27 @@ public void testGet_SSL() throws Exception {
         assertEquals(task.getDataString(), new String(listener.baos.toByteArray(), StandardCharsets.UTF_8));
     }
 
+    @Test
+    public void testGet_SelfSigned_SSL() throws Exception {
+        // client gets all the material removed (and later recreated)
+        System.clearProperty("javax.net.ssl.trustStore");
+        System.clearProperty("javax.net.ssl.trustStorePassword");
+        System.clearProperty("javax.net.ssl.keyStore");
+        System.clearProperty("javax.net.ssl.keyStorePassword");
+        session.setConfigProperty("aether.connector.http.ssl.insecure", true);

Review Comment:
   fixed



##########
maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpServer.java:
##########
@@ -136,9 +136,17 @@ public String getHttpsUrl() {
     }
 
     public HttpServer addSslConnector() {
+        return addSslConnector(true);
+    }
+
+    public HttpServer addSelfSignedSslConnector() {
+        return addSslConnector(false);
+    }

Review Comment:
   fixed


