Re: [tycho-user] HTTPS - disable hostname check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [tycho-user] HTTPS - disable hostname check

From: Thomas Eichstädt-Engelen <thomas@xxxxxxxxxxx>
Date: Thu, 28 May 2015 20:48:43 +0200
Delivered-to: tycho-user@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/tycho-user>
List-help: <mailto:tycho-user-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/tycho-user>, <mailto:tycho-user-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/tycho-user>, <mailto:tycho-user-request@eclipse.org?subject=unsubscribe>

Hi Jan,

thanks for your quick answer!

I found this post as well but it doesn’t help in our case because the certificate itself is not the problem.

The problem seems to be that nexus is available under domain1 but the returned certificate is issued for domain2. Both of them are well trusted and correct in itself but unfortunately the network setup seems to be messed up somehow (as i said we cannot change that for now) and the returned certificates are messed up.

Any other ideas? Is it possible to change the HostnameVerifier of the underlying HttpClient somehow?

Best, Thomas E.-E.



> On 28 May 2015, at 17:07, Sievers, Jan <jan.sievers@xxxxxxx> wrote:
> 
> google search turns up
> 
> http://eclipsesource.com/blogs/2013/04/19/installing-eclipse-plug-ins-from-an-update-site-with-a-self-signed-certificate/
> 
> 
> From: tycho-user-bounces@xxxxxxxxxxx [mailto:tycho-user-bounces@xxxxxxxxxxx] On Behalf Of Thomas Eichstädt-Engelen
> Sent: Donnerstag, 28. Mai 2015 16:49
> To: tycho-user@xxxxxxxxxxx
> Subject: [tycho-user] HTTPS - disable hostname check
> 
> Hi,
> 
> i am currently facing the follow problem:
> 
> We are building our Eclipse P2 based project using Tycho. Due to stability reasons we’ve added a Nexus RepoManager into the manager which proxies all external Repos. When building we get an SSL error
> 
> [ERROR] Failed to resolve target definition /var/lib/jenkins/jobs/openhab2/workspace/targetplatform/openhab.target: Failed to load p2 metadata repository from location https://<host1.de>/nexus/content/groups/public-p2/: Unable to read repository at https://<host1.de>/nexus/content/groups/public-p2/content.xml. hostname in certificate didn't match: <host1.de> != <host2.de> OR <host2.de> OR <host3.de> -> [Help 1]
> 
> Using “dig” it turns out that the server is not well administered. However we can’t change that situation by now so we have to workaround it. Maven HTTP Wagon provides the “allowAll” feature (see http://maven.apache.org/wagon/wagon-providers/wagon-http/) which simply uses a different HostnameVerifier using the System property maven.wagon.http.ssl.allowall=true  
> 
> Is there anything similar to use in tyco builds since tycho doesn’t seem to work with wagons.
> 
> Any help is greatly appreciated.
> 
> Best, Thomas E.-E.
> _______________________________________________
> tycho-user mailing list
> tycho-user@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/tycho-user

Follow-Ups:
- Re: [tycho-user] HTTPS - disable hostname check
  - From: Max Rydahl Andersen

References:
- [tycho-user] HTTPS - disable hostname check
  - From: Thomas Eichstädt-Engelen
- Re: [tycho-user] HTTPS - disable hostname check
  - From: Sievers, Jan

Prev by Date: [tycho-user] Tycho 0.23.0 staged
Next by Date: Re: [tycho-user] Tycho 0.23.0 staged
Previous by thread: Re: [tycho-user] HTTPS - disable hostname check
Next by thread: Re: [tycho-user] HTTPS - disable hostname check
Index(es):
- Date
- Thread

Breadcrumbs