[jira] Commented: (MNG-3230) HTTPS with self-signed certificate does not work, no error message.

Sun, 02 Mar 2008 07:27:00 -0800 

    [ 
http://jira.codehaus.org/browse/MNG-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_125787
 ] 

Marcello Teodori commented on MNG-3230:
---------------------------------------

I can confirm the same behaviour, my current workaround is to use HTTP instead 
of HTTPS as fortunately I can modify how the repository gets published.
Adding -e or -X I don't get any meaningful error message or warning about the 
repository being skipped because of an untrusted SSL certificate, just a part 
of  exception stack trace from the DefaultArtifactResolver which cannot find 
the dependencies on any repository.
If the problem is about the certifcate and not elsewhere, I think that it could 
be useful to have some plugin property to give trust to self-signed certs fora 
a HTTP repository.





> HTTPS with self-signed certificate does not work, no error message.
> -------------------------------------------------------------------
>
>                 Key: MNG-3230
>                 URL: http://jira.codehaus.org/browse/MNG-3230
>             Project: Maven 2
>          Issue Type: Bug
>          Components: Artifacts and Repositories
>    Affects Versions: 2.0.7
>            Reporter: Andreas Krüger
>             Fix For: 2.0.x
>
>
> We have a repository server that serves the same files both via HTTPS and 
> HTTP.
> Maven is not able to find artifacts when using HTTPS. All goes well when 
> using HTTP.
> The problem probably is that the HTTPS - certificate used by the repository 
> server is self-signed, and Maven has not been configured to accept that 
> certificate as genuine. (This is a guess.)
> Expected behavior: With HTTPS, build does not continue. Maven gives an error 
> message indicating the problem is certificate-related.
> Behavior seen: Maven reacts as if there were no problem connecting the 
> repository, but as if the artifact were missing from the repository. It 
> continues to search other repositories as happen to be configured. (However, 
> the artifact is clearly there, e.g., can be downloaded with "wget  
> --no-check-certificate " via HTTPS.)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to