Re: [tycho-user] HTTPS - disable hostname check

["Max Rydahl Andersen" <manderse@xxxxxxxxxx>]

I haven't tried these with tycho but in other contexts - so they might 
work...or not.

Might be enough to add `-Djsse.enableSNIExtension=false` to the jvm used 
to launch tycho.

if not, maybe add custom verifier via javaagent: 
http://stackoverflow.com/questions/6031258/java-ssl-how-to-disable-hostname-verification

/max

> Hi Jan,
>
> thanks for your quick answer!
>
> I found this post as well but it doesn’t help in our case because 
> the certificate itself is not the problem.
>
> The problem seems to be that nexus is available under domain1 but the 
> returned certificate is issued for domain2. Both of them are well 
> trusted and correct in itself but unfortunately the network setup 
> seems to be messed up somehow (as i said we cannot change that for 
> now) and the returned certificates are messed up.
>
> Any other ideas? Is it possible to change the HostnameVerifier of the 
> underlying HttpClient somehow?
>
> Best, Thomas E.-E.
>
>
>
> > On 28 May 2015, at 17:07, Sievers, Jan <jan.sievers@xxxxxxx> wrote:
> >
> > google search turns up
> >
> > http://eclipsesource.com/blogs/2013/04/19/installing-eclipse-plug-ins-from-an-update-site-with-a-self-signed-certificate/
> >
> >
> > From: tycho-user-bounces@xxxxxxxxxxx 
> > [mailto:tycho-user-bounces@xxxxxxxxxxx] On Behalf Of Thomas 
> > Eichstädt-Engelen
> > Sent: Donnerstag, 28. Mai 2015 16:49
> > To: tycho-user@xxxxxxxxxxx
> > Subject: [tycho-user] HTTPS - disable hostname check
> >
> > Hi,
> >
> > i am currently facing the follow problem:
> >
> > We are building our Eclipse P2 based project using Tycho. Due to 
> > stability reasons we’ve added a Nexus RepoManager into the manager 
> > which proxies all external Repos. When building we get an SSL error
> >
> > [ERROR] Failed to resolve target definition 
> > /var/lib/jenkins/jobs/openhab2/workspace/targetplatform/openhab.target: 
> > Failed to load p2 metadata repository from location 
> > https://<host1.de>/nexus/content/groups/public-p2/: Unable to read 
> > repository at 
> > https://<host1.de>/nexus/content/groups/public-p2/content.xml. 
> > hostname in certificate didn't match: <host1.de> != <host2.de> OR 
> > <host2.de> OR <host3.de> -> [Help 1]
> >
> > Using “dig” it turns out that the server is not well 
> > administered. However we can’t change that situation by now so we 
> > have to workaround it. Maven HTTP Wagon provides the “allowAll” 
> > feature (see 
> > http://maven.apache.org/wagon/wagon-providers/wagon-http/) which 
> > simply uses a different HostnameVerifier using the System property 
> > maven.wagon.http.ssl.allowall=true
> >
> > Is there anything similar to use in tyco builds since tycho doesn’t 
> > seem to work with wagons.
> >
> > Any help is greatly appreciated.
> >
> > Best, Thomas E.-E.
> > _______________________________________________
> > tycho-user mailing list
> > tycho-user@xxxxxxxxxxx
> > To change your delivery options, retrieve your password, or 
> > unsubscribe from this list, visit
> > https://dev.eclipse.org/mailman/listinfo/tycho-user
>
> _______________________________________________
> tycho-user mailing list
> tycho-user@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or 
> unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/tycho-user


/max
http://about.me/maxandersen