[jira] (CONTINUUM-2501) Exception while downloading pom from https url

Sat, 31 Jan 2015 13:14:53 -0800 

    [ 
https://jira.codehaus.org/browse/CONTINUUM-2501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=362164#comment-362164
 ] 

Brent N Atkinson commented on CONTINUUM-2501:
---------------------------------------------

The fix provided will likely be unacceptable for most applications. My 
understanding is that this works around handshake issues by limiting the 
protocols attempted to only the specified list. This means that it will only 
attempt SSLv3, which will make servers limited to SSLv3 work, but for servers 
not supporting it (it isn't secure and it is often disabled) it will break.

I will attempt to confirm this locally. My suspicion is that this issue is 
server-configuration specific   and we probably won't want to use this 
technique to address it.

> Exception while downloading pom from https url
> ----------------------------------------------
>
>                 Key: CONTINUUM-2501
>                 URL: https://jira.codehaus.org/browse/CONTINUUM-2501
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2.3, 1.3.6, 1.4.0 (Beta), 1.4.1
>            Reporter: Vlado Pesov
>            Assignee: Brent N Atkinson
>            Priority: Minor
>             Fix For: 1.5.0
>
>         Attachments: EasySSLSocketFactory.patch
>
>
> The exception is because the http client cannot handle certificates for SSLv3 
> protocol, so this support must be explicitly enabled. Here is the exception:
> Could not download the URL: https://xxxxxx:*****@hostname.com/project/pom.xml
> javax.net.ssl.SSLException: Connection has been shutdown: 
> javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
>        at com.sun.net.ssl.internal.ssl.
>  SSLSocketImpl.checkEOF(SSLSocketImpl.java:1267)
>         at 
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1279)
>         at 
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:43)
>         at 
> org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:87)
>         at 
> org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:94)
>         at 
> org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:171)
>         at 
> org.apache.http.impl.SocketHttpClientConnection.close(SocketHttpClientConnection.java:192)
>         at 
> org.apache.http.impl.conn.DefaultClientConnection.close(DefaultClientConnection.java:161)
>         at 
> org.apache.http.impl.conn.AbstractPooledConnAdapter.close(AbstractPooledConnAdapter.java:158)
>         at 
> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
>         at 
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:410)
>         at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
>         at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
>         at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
>         at 
> org.apache.maven.continuum.project.builder.AbstractContinuumProjectBuilder.createMetadataFile(AbstractContinuumProjectBuilder.java:122)
>         at 
> org.apache.maven.continuum.project.builder.AbstractContinuumProjectBuilder.createMetadataFile(AbstractContinuumProjectBuilder.java:244)
>         at 
> org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder.readModules(MavenTwoContinuumProjectBuilder.java:149)
>         at 
> org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder.buildProjectsFromMetadata(MavenTwoContinuumProjectBuilder.java:124)
>         at 
> org.apache.maven.continuum.core.action.CreateProjectsFromMetadataAction.execute(CreateProjectsFromMetadataAction.java:152)
>         at 
> org.apache.maven.continuum.DefaultContinuum.executeAction(DefaultContinuum.java:2759)
>         at 
> org.apache.maven.continuum.DefaultContinuum.executeAddProjectsFromMetadataActivity(DefaultContinuum.java:1569)
>         at 
> org.apache.maven.continuum.DefaultContinuum.executeAddProjectsFromMetadataActivity(DefaultContinuum.java:1815)
>         at 
> org.apache.maven.continuum.DefaultContinuum.addMavenTwoProject(DefaultContinuum.java:1365)
>         at 
> org.apache.maven.continuum.web.action.AddMavenTwoProjectAction.doExecute(AddMavenTwoProjectAction.java:109)
>         at 
> org.apache.maven.continuum.web.action.AddMavenProjectAction.execute(AddMavenProjectAction.java:189)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at 
> com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:404)
>         at 
> com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:267)
>         at 
> org.apache.struts2.interceptor.BackgroundProcess$1.run(BackgroundProcess.java:56)
>         at java.lang.Thread.run(Thread.java:619)
>  Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
>         at 
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
>         at 
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
>         at 
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1694)
>         at 
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:939)
>         at 
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
>         at 
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
>         at 
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>         at 
> org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:87)
>         at 
> org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:94)
>         at 
> org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:171)
>         at 
> org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:176)
>         at 
> org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:221)
>         at 
> org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:240)
>         at 
> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:119)
>         ... 23 more



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)

Reply via email to