Hello all, for the record my sysadmin and I tried latest Eclipse (2018-12) with a new certificate to secure Archiva and it this time it worked. So the conclusion is that the first certificate was missing something and was a bad one, but also that the upgrade of okhttp made Eclipse's m2e more picky about the correctness of the certificates. Regards
*François Marot* On Fri, 25 Jan 2019 at 00:09, Francois Marot <francois.ma...@gmail.com> wrote: > Thanks Fred. > But I'm a bit lost. Could you advise me what to do ? > Open a bug on m2e with the stacktrace ? > Workaround the problem by recompiling okhttp and disabling the check ? I > hope there is something simpler like a jvm -D flag or something... > > > > *- - - - -François Marot06 50 91 96 38* > > > On Thu, 24 Jan 2019 at 14:49, Fred Bricon <fbri...@gmail.com> wrote: > >> CLI Maven doesn't use OkHttp for transport. I believe OkHttp was chosen >> for m2e for performance reasons, but Igor might certainly know more about >> it. >> Looks like aether-connector-okhttp[1] needs to accept both custom and >> platform certificates, as per SO[1][2]. >> >> [1] https://github.com/takari/aether-connector-okhttp >> [2] >> https://stackoverflow.com/questions/23103174/does-okhttp-support-accepting-self-signed-ssl-certs >> [3] >> https://stackoverflow.com/questions/23144353/how-do-i-initialize-a-trustmanagerfactory-with-multiple-sources-of-trust/35759057#35759057 >> >> >> On Thu, Jan 24, 2019 at 5:50 AM Francois Marot <francois.ma...@gmail.com> >> wrote: >> >>> Hello all, I bump this message because tried again with Eclipse 18.12 >>> and the problem is still there. >>> Eclipse m2e is unable to connect to an Archiva repository presenting a >>> self-signed certificate and can't download any dependency... >>> This will start to be really problematic and I do not know what to do... >>> Does anyone know if I can downgrade okhttp ? >>> >>> Maven on the command line or IntelliJ do not have this problem... >>> Regards >>> >>> >>> >>> >>> *- - - - -François Marot* >>> >>> >>> On Tue, 23 Oct 2018 at 15:25, Matthew Piggott <mpigg...@sonatype.com> >>> wrote: >>> >>>> The error message suggests that it can't verify the hostname, you may >>>> need to enable the JVM debug logging and dig through the logs. I also see >>>> that okhttp was upgraded 3.7 -> 3.11 which does remove a couple cipher >>>> suites <https://github.com/square/okhttp/blob/master/CHANGELOG.md>. >>>> >>>> >>>> >>>> On Tue, Oct 23, 2018, 04:50 Francois Marot, <francois.ma...@gmail.com> >>>> wrote: >>>> >>>>> Hello, since I use the new version of Eclipse (2018-09 with m2e 1.9.1) >>>>> Maven in Eclipse is unable to connect to by Archiva repository (behind a >>>>> reverse proxy with certificate hand-crafted by my IT departement). >>>>> It fails whether I use embedded or external version of Maven (but I >>>>> think only the embedded Maven is used to download dependencies). >>>>> >>>>> It used to work with Eclipse Photon (2018-06) and it also work on the >>>>> command line. >>>>> It tried in both Java 11 and Java 8, with the certificate imported in >>>>> the JVM's keystore. >>>>> >>>>> Is this an intentional change in m2ee ? Or more global to Eclipse ? >>>>> How to bypass it ? >>>>> >>>>> The stack trace containing the SSLPeerUnverifiedException is at the >>>>> end of the message >>>>> >>>>> Regards, >>>>> Francois >>>>> >>>>> >>>>> Failed to read artifact descriptor for net.java.dev.jna:jna:jar:4.2.1 >>>>> org.eclipse.aether.resolution.ArtifactDescriptorException: Failed to >>>>> read artifact descriptor for net.java.dev.jna:jna:jar:4.2.1 >>>>> at >>>>> org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:276) >>>>> at >>>>> org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(DefaultArtifactDescriptorReader.java:192) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultDependencyCollector.resolveCachedArtifactDescriptor(DefaultDependencyCollector.java:539) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultDependencyCollector.getArtifactDescriptorResult(DefaultDependencyCollector.java:522) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:411) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:365) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultDependencyCollector.process(DefaultDependencyCollector.java:353) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultDependencyCollector.collectDependencies(DefaultDependencyCollector.java:256) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultRepositorySystem.collectDependencies(DefaultRepositorySystem.java:282) >>>>> at >>>>> org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(DefaultProjectDependenciesResolver.java:169) >>>>> at >>>>> org.apache.maven.project.DefaultProjectBuilder.resolveDependencies(DefaultProjectBuilder.java:212) >>>>> at >>>>> org.apache.maven.project.DefaultProjectBuilder.build(DefaultProjectBuilder.java:185) >>>>> at >>>>> org.apache.maven.project.DefaultProjectBuilder.build(DefaultProjectBuilder.java:116) >>>>> at >>>>> org.eclipse.m2e.core.internal.embedder.MavenImpl.readMavenProject(MavenImpl.java:636) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.registry.DefaultMavenDependencyResolver.resolveProjectDependencies(DefaultMavenDependencyResolver.java:63) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.registry.ProjectRegistryManager.refreshPhase2(ProjectRegistryManager.java:530) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.registry.ProjectRegistryManager$3.call(ProjectRegistryManager.java:492) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.registry.ProjectRegistryManager$3.call(ProjectRegistryManager.java:1) >>>>> at >>>>> org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.executeBare(MavenExecutionContext.java:177) >>>>> at >>>>> org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:151) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.registry.ProjectRegistryManager.refresh(ProjectRegistryManager.java:496) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.registry.ProjectRegistryManager.refresh(ProjectRegistryManager.java:351) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.registry.ProjectRegistryManager.refresh(ProjectRegistryManager.java:298) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.ProjectConfigurationManager.updateProjectConfiguration0(ProjectConfigurationManager.java:405) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.ProjectConfigurationManager$2.call(ProjectConfigurationManager.java:352) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.ProjectConfigurationManager$2.call(ProjectConfigurationManager.java:1) >>>>> at >>>>> org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.executeBare(MavenExecutionContext.java:177) >>>>> at >>>>> org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:151) >>>>> at >>>>> org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:99) >>>>> at >>>>> org.eclipse.m2e.core.internal.embedder.MavenImpl.execute(MavenImpl.java:1351) >>>>> at >>>>> org.eclipse.m2e.core.internal.project.ProjectConfigurationManager.updateProjectConfiguration(ProjectConfigurationManager.java:349) >>>>> at >>>>> org.eclipse.m2e.core.ui.internal.UpdateMavenProjectJob.runInWorkspace(UpdateMavenProjectJob.java:77) >>>>> at >>>>> org.eclipse.core.internal.resources.InternalWorkspaceJob.run(InternalWorkspaceJob.java:42) >>>>> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) >>>>> >>>>> Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: >>>>> Could not transfer artifact net.java.dev.jna:jna:pom:4.2.1 from/to >>>>> archiva.default ( >>>>> https://archiva.olea-medical.local/repository/internal/): Hostname >>>>> archiva.olea-medical.local not verified: >>>>> certificate: sha256/fXefAy0ZPHjHZnjtc+O1kWQ4PwK94XCesII/Lp9B3aE= >>>>> DN: CN=archiva.olea-medical.local, OU=Info, O=OLEA MEDICAL, >>>>> L=LaCiota, ST=BdR, C=FR >>>>> subjectAltNames: [] >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:422) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:224) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:201) >>>>> at >>>>> org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:261) >>>>> ... 33 more >>>>> >>>>> Caused by: org.eclipse.aether.transfer.ArtifactTransferException: >>>>> Could not transfer artifact net.java.dev.jna:jna:pom:4.2.1 from/to >>>>> archiva.default ( >>>>> https://archiva.olea-medical.local/repository/internal/): Hostname >>>>> archiva.olea-medical.local not verified: >>>>> certificate: sha256/fXefAy0ZPHjHZnjtc+O1kWQ4PwK94XCesII/Lp9B3aE= >>>>> DN: CN=archiva.olea-medical.local, OU=Info, O=OLEA MEDICAL, >>>>> L=LaCiota, ST=BdR, C=FR >>>>> subjectAltNames: [] >>>>> >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector$2.wrap(AetherRepositoryConnector.java:856) >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector$2.wrap(AetherRepositoryConnector.java:1) >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector$GetTask.flush(AetherRepositoryConnector.java:630) >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector.get(AetherRepositoryConnector.java:309) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(DefaultArtifactResolver.java:498) >>>>> at >>>>> org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:399) >>>>> ... 36 more >>>>> >>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname >>>>> archiva.olea-medical.local not verified: >>>>> certificate: sha256/fXefAy0ZPHjHZnjtc+O1kWQ4PwK94XCesII/Lp9B3aE= >>>>> DN: CN=archiva.olea-medical.local, OU=Info, O=OLEA MEDICAL, >>>>> L=LaCiota, ST=BdR, C=FR >>>>> subjectAltNames: [] >>>>> >>>>> at >>>>> okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:329) >>>>> at >>>>> okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:282) >>>>> at >>>>> okhttp3.internal.connection.RealConnection.connect(RealConnection.java:167) >>>>> at >>>>> okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257) >>>>> at >>>>> okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135) >>>>> at >>>>> okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114) >>>>> at >>>>> okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) >>>>> at >>>>> okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) >>>>> at >>>>> okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) >>>>> at >>>>> okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) >>>>> at >>>>> okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) >>>>> at >>>>> okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) >>>>> at >>>>> okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) >>>>> at >>>>> okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) >>>>> at >>>>> okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126) >>>>> at >>>>> okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) >>>>> at >>>>> okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) >>>>> at >>>>> okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) >>>>> at okhttp3.RealCall.execute(RealCall.java:77) >>>>> at >>>>> io.takari.aether.okhttp.OkHttpAetherClient.execute(OkHttpAetherClient.java:207) >>>>> at >>>>> io.takari.aether.okhttp.OkHttpAetherClient.get(OkHttpAetherClient.java:153) >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector$GetTask.getResponse(AetherRepositoryConnector.java:626) >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector$GetTask.resumableGet(AetherRepositoryConnector.java:571) >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector$GetTask.run(AetherRepositoryConnector.java:452) >>>>> at >>>>> io.takari.aether.connector.AetherRepositoryConnector.get(AetherRepositoryConnector.java:303) >>>>> ... 38 more >>>>> >>>>> >>>>> >>>>> *- - - - -François Marot* >>>>> _______________________________________________ >>>>> m2e-users mailing list >>>>> m2e-users@eclipse.org >>>>> To change your delivery options, retrieve your password, or >>>>> unsubscribe from this list, visit >>>>> https://dev.eclipse.org/mailman/listinfo/m2e-users >>>> >>>> _______________________________________________ >>>> m2e-users mailing list >>>> m2e-users@eclipse.org >>>> To change your delivery options, retrieve your password, or unsubscribe >>>> from this list, visit >>>> https://dev.eclipse.org/mailman/listinfo/m2e-users >>> >>> _______________________________________________ >>> m2e-users mailing list >>> m2e-users@eclipse.org >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://www.eclipse.org/mailman/listinfo/m2e-users >> >> >> >> -- >> "Have you tried turning it off and on again" - The IT Crowd >> And if that fails, then http://goo.gl/tnBgH5 >> _______________________________________________ >> m2e-users mailing list >> m2e-users@eclipse.org >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/m2e-users > >
_______________________________________________ m2e-users mailing list m2e-users@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/m2e-users