[
https://issues.apache.org/jira/browse/WAGON-452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16427473#comment-16427473
]
ASF GitHub Bot commented on WAGON-452:
--------------------------------------
asfgit closed pull request #36: [WAGON-452] RelaxedTrustStrategy handle
multiple certificates
URL: https://github.com/apache/maven-wagon/pull/36
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java
b/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java
index ca9bc9a5..26e49367 100644
---
a/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java
+++
b/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java
@@ -45,24 +45,27 @@ public RelaxedTrustStrategy( boolean ignoreSSLValidityDates
)
public boolean isTrusted( X509Certificate[] certificates, String authType )
throws CertificateException
{
- if ( ( certificates != null ) && ( certificates.length == 1 ) )
+ if ( ( certificates != null ) && ( certificates.length > 0 ) )
{
- try
+ for ( X509Certificate currentCertificate : certificates )
{
- certificates[0].checkValidity();
- }
- catch ( CertificateExpiredException e )
- {
- if ( !ignoreSSLValidityDates )
+ try
{
- throw e;
+ currentCertificate.checkValidity();
}
- }
- catch ( CertificateNotYetValidException e )
- {
- if ( !ignoreSSLValidityDates )
+ catch ( CertificateExpiredException e )
+ {
+ if ( !ignoreSSLValidityDates )
+ {
+ throw e;
+ }
+ }
+ catch ( CertificateNotYetValidException e )
{
- throw e;
+ if ( !ignoreSSLValidityDates )
+ {
+ throw e;
+ }
}
}
return true;
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> RelaxedTrustStrategy does not handle multiple certificates
> ----------------------------------------------------------
>
> Key: WAGON-452
> URL: https://issues.apache.org/jira/browse/WAGON-452
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http, wagon-http-lightweight
> Affects Versions: 2.10
> Reporter: VĂtor Teixeira
> Assignee: Michael Osipov
> Priority: Major
> Labels: easyfix, maven, security
> Fix For: 3.0.1
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> On org.apache.maven.wagon.providers.http.RelaxedTrustStrategy exception
> handling is missing.
> With maven.wagon.http.ssl.ignore.validity.dates=true the following exception
> is thrown:
> sun.security.validator.ValidatorException: PKIX path validation failed:
> java.security.cert.CertPathValidatorException: timestamp check failed:
> NotAfter: Tue Dec 29 23:59:59 GMT 2015 -> [Help 1]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
