Rupinder S. Gill created MNG-7694:
-------------------------------------
Summary: Maven 3.9.0 switched to HttpTransporter from
WagonTransporter, breaking downloads from server using self-signed SSL-certs
Key: MNG-7694
URL: https://issues.apache.org/jira/browse/MNG-7694
Project: Maven
Issue Type: Bug
Components: Artifacts and Repositories
Affects Versions: 3.9.0
Environment: Bitbucket pipeline build using
maven:3.9.0-eclipse-temurin-8 docker image.
Reporter: Rupinder S. Gill
Our Bitbucket pipeline stopped working this morning, failing to download a
plugin from our maven repository (Reposilite) that uses self-signed
SSL-certificate. We are passing "-Dmaven.http.ssl.insecure=true" option to mvn
and all versions of maven up-to 3.8.7 work fine.
Doing some digging with the -X option, we discovered that our pipeline was now
using maven 3.9.0, which no longer uses WagonTransporter. Instead,
HttpTransporter is used, which is raising "SunCertPathBuilderException: unable
to find valid certification path to requested target" exception (similar to
what WagonTransporter would do without the "-Dmaven.http.ssl.insecure=true"
option.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
