2.11-rc-1 with https and wildcard certificate, uploadArchives

stonesong · January 27, 2016, 11:39am

Hi, while this bug GRADLE-3250 has been fixed in the new version 2.11-rc-1, the almost exact same bug but on uploading artifact to a remote maven repo on a https + wildcard certificates remains.
Probably this bug was not here in the older versions of gradlle (example 2.2.1) because of the old Http client was not checking certificates at upload, now apparently it does, and so my upload artifact does not work anymore:

Could not publish configuration ‘archives’
Failed to deploy artifacts: Could not transfer artifact com.myartifact.myversion from/to remote (https://maven.myremotemaven): Certificate for <maven.myMavenCertificate> doesn’t match any of the subject alternative names: [other certificate]

mark_vieira · January 27, 2016, 4:15pm

@stonesong is the Maven repository you are uploading to using SNI or simply a single wildcard certificate? Also, I assume you are using the ‘maven’ plugin and not the ‘maven-publish’ plugin?

stonesong · January 27, 2016, 5:19pm

@mark_vieira yes the maven repository is hosted on a server using SNI and wildcard certificate.
Also yes I use the maven plugin and not maven-publish plugin

mark_vieira · January 27, 2016, 5:27pm

So you are saying with 2.2.1 this worked when publishing? Are you able to resolve dependencies using HTTPS from this server using 2.11? How about with 2.2.1?

stonesong · January 27, 2016, 5:39pm

Exactly, with 2.2.1 I can upload an archives to the repo with authentication, but could not download dependency due to the GRADLE-3250 bug. With 2.11 I can now download the dependencies but can not upload an archives.

The uploadArchives task or the repository configuration for dependencies in build.gradle don’t change.

With version 2.10 for exemple I can not download dependency nor upload artifact.

mark_vieira · January 27, 2016, 5:55pm

My guess is this likely broke in Gradle 2.5 with our upgrade to the Maven 3 libraries. The ‘maven’ plugin uses the Maven Wagon HTTP implementation so it has it’s own set of rules. You can potentially configure it via system properties to skip cert validation: https://maven.apache.org/wagon/wagon-providers/wagon-http/index.html.

I’d suggest you try also with the ‘maven-publish’ plugin. That will for sure use the new HttpClient which supports SNI.

stonesong · January 27, 2016, 6:11pm

Thank you @mark_vieira I’ll come back with feedbacks

stonesong · January 29, 2016, 2:11pm

@mark_vieira I did not try yet with the properties, but indeed I can have a clean publish using the new maven-publish so everything is fine now

thanks !

Topic		Replies	Views
Can't download/upload to a https secured maven repository with 1.1, it runs fine with 1.0-rc3 Old Forum Archive	1	516	August 7, 2012
Gradle can't access Maven repos over TLS servers using SNI Bugs	10	7488	May 2, 2016
2.8, 2.9 mavenDeployer doesn't honour uniqueVersion=false in maven uploadArchives Bugs gradle-3405 , issue-acknowledged	8	9386	July 16, 2016
SSL Peer Not Authenticated Old Forum Archive	2	7162	June 24, 2014
Upgrading to Gradle 2.6 publishing to Nexus Help/Discuss	14	1247	September 11, 2015

2.11-rc-1 with https and wildcard certificate, uploadArchives

Related topics