[ https://issues.apache.org/jira/browse/WAGON-452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16427130#comment-16427130 ]
Michael Osipov commented on WAGON-452: -------------------------------------- While I am not the author of the code and can only guess, I think that the code was tested with a selfsigned cert which contains only one element in the chain. > Missing exception handling when maven.wagon.http.ssl.ignore.validity.dates > flag is set to 'true' > ------------------------------------------------------------------------------------------------ > > Key: WAGON-452 > URL: https://issues.apache.org/jira/browse/WAGON-452 > Project: Maven Wagon > Issue Type: Bug > Components: wagon-http > Affects Versions: 2.10 > Reporter: VĂtor Teixeira > Priority: Major > Labels: easyfix, maven, security > Fix For: waiting-for-feedback > > Original Estimate: 24h > Remaining Estimate: 24h > > On org.apache.maven.wagon.providers.http.RelaxedTrustStrategy exception > handling is missing. > With maven.wagon.http.ssl.ignore.validity.dates=true the following exception > is thrown: > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: timestamp check failed: > NotAfter: Tue Dec 29 23:59:59 GMT 2015 -> [Help 1] -- This message was sent by Atlassian JIRA (v7.6.3#76005)