[jira] [Commented] (MJAVADOC-507) -linkoffline rejects valid package-list files because of SSL problems

Thu, 01 Feb 2018 12:22:30 -0800 

    [ 
https://issues.apache.org/jira/browse/MJAVADOC-507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16349198#comment-16349198
 ] 

Chris Povirk commented on MJAVADOC-507:
---------------------------------------

I haven't investigated again in detail, but I'm now seeing an error like this 
for an {{offlineLink}} to the JDK itself:

{{[ERROR] Error fetching link: 
https://docs.oracle.com/javase/9/docs/api//package-list. Ignored it.}}

Since I can load that file fine in my browser, I suspect this bug. (If so, it 
may at least go away for now when I upgrade to Java 9.)

> -linkoffline rejects valid package-list files because of SSL problems
> ---------------------------------------------------------------------
>
>                 Key: MJAVADOC-507
>                 URL: https://issues.apache.org/jira/browse/MJAVADOC-507
>             Project: Maven Javadoc Plugin
>          Issue Type: Bug
>          Components: javadoc
>    Affects Versions: 3.0.0
>         Environment: Java 8
>            Reporter: Chris Povirk
>            Priority: Minor
>
> For weird reasons, we're trying to use <offlineLinks> rather than <links> for 
> some of our links. Our configuration includes:
> {code:xml}            <offlineLink>
>               <url>https://checkerframework.org/api</url>
>               <location>https://checkerframework.org/api</location>
>             </offlineLink>{code}
> If I run javadoc with -linkoffline set to this URL and location, I get links 
> in the resulting docs. However, if I run maven-javadoc-plugin, I get an error:
> {noformat}[ERROR] Error fetching link: 
> https://checkerframework.org/api/package-list. Ignored it.{noformat}
> Since javadoc can load the package-list fine and so can my browser, there 
> seems to be something wrong in maven-javadoc-plugin. To debug, I built my own 
> maven-javadoc-plugin, modified to display the full error that caused the 
> failure. It showed this:
> {noformat}javax.net.ssl.SSLException: Certificate for <checkerframework.org> 
> doesn't match any of the subject alternative names: [*.cs.washington.edu]
>         at 
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:165)
>         at 
> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
>         at 
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:141)
>         at 
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
>         at 
> org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:580)
>         at 
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554)
>         at 
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
>         at 
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
>         at 
> org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
>         at 
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
>         at 
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
>         at 
> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
>         at 
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>         at 
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>         at 
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>         at 
> org.apache.maven.plugins.javadoc.JavadocUtil.isValidPackageList(JavadocUtil.java:1666){noformat}
> Now, I *don't* see this error if I run with Java 9. This suggests to me that 
> each copy of Java has its own certificate list/logic. That means that the 
> problem isn't in maven-javadoc-plugin per se.
> However, it seems inevitable that the built-in Java list will go out of date 
> again, and maven-javadoc-plugin will fail again for some other site.
> One solution would be for maven-javadoc-plugin to do whatever it is that 
> Javadoc itself does to recognize more certificates. However, this sounds 
> complicated.
> The simple solution would be for maven-javadoc-plugin to stop pre-validating 
> package-list files altogether (since Javadoc will ignore them if they're 
> truly missing). But, if you want to keep the validation, then I'd suggest 
> passing all URLs to Javadoc, even the ones that fail validation. That way, 
> users still get a loud, red/yellow Maven error/warning for real problems, but 
> false problems like the one here don't keep Javadoc links from working.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to