maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Döblitz (JIRA) <j...@apache.org>
Subject [jira] [Commented] (WAGON-452) Missing exception handling when maven.wagon.http.ssl.ignore.validity.dates flag is set to 'true'
Date Thu, 05 Apr 2018 15:16:00 GMT

    [ https://issues.apache.org/jira/browse/WAGON-452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16427084#comment-16427084
] 

André Döblitz commented on WAGON-452:
-------------------------------------

Yep, thats the main point ;)

What is the intention of limiting this to exactly 1?

> Missing exception handling when maven.wagon.http.ssl.ignore.validity.dates flag is set
to 'true'
> ------------------------------------------------------------------------------------------------
>
>                 Key: WAGON-452
>                 URL: https://issues.apache.org/jira/browse/WAGON-452
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-http
>    Affects Versions: 2.10
>            Reporter: Vítor Teixeira
>            Priority: Major
>              Labels: easyfix, maven, security
>             Fix For: waiting-for-feedback
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> On org.apache.maven.wagon.providers.http.RelaxedTrustStrategy exception handling is missing.
> With maven.wagon.http.ssl.ignore.validity.dates=true the following exception is thrown:
> sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed: NotAfter: Tue Dec 29 23:59:59 GMT 2015 -> [Help 1]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message