Some further research on my part shows that a simple connection test using HttpComponents httpclient 4.3.5 does work, but that the version of httpclient used in Wagon 2.6 (httpclient 4.3.1) fails. Apparently the newer version of httpclient fixes the problem I ran into, although I do not know what the problem is exactly.
For completeness sake: the simple connection test with httpclient 4.3.5 I used: https://gist.github.com/jdhoek/192a965fc63f459b2bee As it turns out, Wagon 2.7 already uses httpclient 4.3.5. A custom build of Maven 3.2.3 with the Wagon dependency set to 2.7 works! When will a version of Maven 3.2.x built with Wagon 2.7 be released? Is something blocking Maven from depending on Wagon 2.7? 2014-10-29 16:14 GMT+01:00 Jeroen Hoek <[email protected]>: > Hello, > > I am trying to get Maven (3.2.2) to work with an instance of Archiva > hosted behind a webserver secured with client-side SSL certificates. > > I have followed the guide at > https://maven.apache.org/guides/mini/guide-repository-ssl.html, and > imported the server-side SSL certificate into a Java .jks file. The > client-side certificate is a PKCS12 file, which works correctly in > Firefox and Chromium. > > I have a simple project that depends on an artifact hosted on my > Archiva server. When client-side SSL verification is disabled on the > server, `mvn clean install` works as expected, and the dependency is > downloaded. > > But it doesn't work when I activate client-side SSL verification, and > try the following command: > > mvn clean install -Djavax.net.debug=ssl > -Djavax.net.ssl.trustStore=PATH_TO_TRUSTDB.jks > -Djavax.net.ssl.trustStorePassword=**************** > -Djavax.net.ssl.keyStore=PATH_TO_MY_CERT.p12 > -Djavax.net.ssl.keyStoreType=pkcs12 > -Djavax.net.ssl.keyStorePassword=**************** > > From what I can see in the output, my .p12 file is read by Maven at > the start, as is the trust-store, but it fails to complete requests to > the Archiva server, although TLS handshaking appears to work, so the > server-side certificate is trusted and accepted. The server throws the > "400: No required SSL certificate was sent" error message you get when > trying to talk to it without a client-side SSL certificate installed. > In the server log I am indeed seeing HTTP GET requests from Maven > without any client-side SSL certificate, whereas GETs by a browser do > show access with the valid certificate there. > > Any idea why Maven isn't using the client-side SSL certificate passed > via -Djavax.net.ssl.keyStoreType? Is there some configuration option I > am overlooking? > > Kind regards, > > Jeroen Hoek > Lable -- Vriendelijke groeten, Jeroen Hoek Lable ✉ [email protected] ℡ 088 44 20 202 http://lable.org KvK № 55984037 BTW № NL8519.32.411.B.01 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
