Distrusted HTTPS Certificate after relocation from plugins.gradle.org to cloudfront.net

twwwt · December 4, 2019, 10:56am

For your information, I wanted to upgrade com.gradle.build-scan to com.gradle.enterprise today, using Gradle 6.0.1. This is what I got:

> Could not download httpclient-4.2.1.jar (org.apache.httpcomponents:httpclient:4.2.1)
   > Could not get resource 'https://plugins.gradle.org/m2/org/apache/httpcomponents/httpclient/4.2.1/httpclient-4.2.1.jar'.
      > Could not GET 'https://d29vzk4ow07wi7.cloudfront.net/b69bd03af60bf487b3ae1209a644ecac587bf6fc?response-content-disposition=attachment%3Bfilename%3D%22httpclient-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvYjY5YmQwM2FmNjBiZjQ4N2IzYWUxMjA5YTY0NGVjYWM1ODdiZjZmYz9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjbGllbnQtNC4yLjEuamFyJTIyIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNTc1NDU2NTU0fSwiSXBBZGRyZXNzIjp7IkFXUzpTb3VyY2VJcCI6IjAuMC4wLjAvMCJ9fX1dfQ__&Signature=JRS-0Q9bFTXF~SduJVUal3f3OPnEIORUdvHztWUIWzMykStIcyZNkrlYsMExp0kAwWhOJz0eKTamNVzDsbfDjZ7SXPZh5tOK5ZEFRh8mr7VK0FnmWVEDqSwUlPPyW-JsI5UQvO-JYnY8UfGVnJe-CagSCWKnvEsYpJWHIHkXPutiN4GI02lrgdrE8XSwkT3qKkv~r9s8ZyJ9Wz88pyGNGd2e8aiCEdZ6N2Zk~bME~6ivlc1-X6qEqZep7PvO4T7R4z7AhRyEXz76398XEul3-TMjN~eEhy0KBtZHsRt750ko44OQ~QyztHProm~pM25FM86DiOobOjmqVsBdvinuPA__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'.
         > sun.security.validator.ValidatorException: TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
> Could not download httpcore-4.2.1.jar (org.apache.httpcomponents:httpcore:4.2.1)
   > Could not get resource 'https://plugins.gradle.org/m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar'.
      > Could not GET 'https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NTQ1NjI0NX0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=Px4bpEbvrI2~Gb8Eiqcwx6L9pSVl~-uZudTmZDLKDnT-BC9mRuHytkSHpndYBvAnLd-Ayxvim5HYiUvGVVSPozCC3Xu00WG19kjeta5QaR6HuhNlGjI5JxUdIVg7Mr8AUUpOTa7uRS15mh0wE9KZEh3Z3b5YokZO32TX9r~F8xs-y7WOCARiFhvuwlfRpiFuxdFlkVfBYbVOO8HDPwWivymW0xm8~ZcP1EMcqE3EKK362U6P80dxVECQi56hhC1JB2GiDdQpXI6FZuVCDxI4t7KLQs4TqnhkIHSqkbxmFqFbGF4FZidufh4xrj7YhsWgIXsxH77Ogb~BO63XkFVfwA__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'.
         > sun.security.validator.ValidatorException: TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Gradle/Java version used:

------------------------------------------------------------
Gradle 6.0.1
------------------------------------------------------------

Build time:   2019-11-18 20:25:01 UTC
Revision:     fad121066a68c4701acd362daf4287a7c309a0f5

Kotlin:       1.3.50
Groovy:       2.5.8
Ant:          Apache Ant(TM) version 1.10.7 compiled on September 1 2019
JVM:          1.8.0_221 (Oracle Corporation 25.221-b11)
OS:           Mac OS X 10.14.6 x86_64

twwwt · December 18, 2019, 11:28am

It’s disappointing to see that there is no reaction to this issue. It’s now two weeks later and plugins.gradle.org still relocates to a cloudfront.net server that issues these distrusted TLS certificate - I’m still getting the exact same error.

Shouldn’t you Gradle guys not be interested in having your services (Gradle enterprise plugin) be usable?

JLLeitschuh · December 18, 2019, 4:00pm

Hi @twwwt,

Sorry for not seeing this earlier. In the future, please don’t hesitate to reach out to security@gradle.com about issues like this in the future.

To respond to your question, that redirect to cloudfront is due to a redirect response from JCenter, not from us. The Gradle Plugin Portal mirrors JCenter to resolve artifacts that aren’t plugins.

You can see that here:

wget https://plugins.gradle.org/m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar 2>&1 | grep Location:
Location: https://jcenter.bintray.com/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar [following]
Location: https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NjY4Mzk5NX0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=kdxjhN1LcYW1piY-7uttENQqqsjo83q8q1npFeYbxagaqLmxwARuBJkdYgPZm~K7-Fujdyau0b6mi~ECL9wHGWl5lYJkTgLn-7ua00OQe32Sr9~hZLDPuUyRnTaUVeYJHRePfwWT-j0Xm4n69uxSmdUa933iJgy12BKbAx7j6HtzHTFnMquzeSKTjGEpnNPOzDez0puCOPzQA5xvHQrAb7jiS2o1R5hxYRvKzHMnkUCnlXb5zKyo90bzepzTaLu5dv14-~PUXjbf9ybazzIOluJ6LuPOcWS253QD~TRNHasIXUiwSB5lLrHnDzqLTUgBOW2leUW9BoLQFiCbQMe4Cg__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA [following]

I’ll reach out to JCenter’s Security Team about this issue and get back to you.

twwwt · December 19, 2019, 9:45am

Didn’t traced it down to that detail. Thanks for pointing that out.

JLLeitschuh · December 24, 2019, 9:14pm

Hi @twwwt,

The JFrog support team has been unable to reproduce this issue. Are you still experiencing the same problem still? They report that their certificates are no longer issued by Semantic & are now issued by DigiCert.

If you are still having the same issue, can you run curl -v https://d29vzk4ow07wi7.cloudfront.net and report the output here?

ShaneK · December 24, 2019, 10:15pm

I was also experiencing similar behaviour last week - and continue to do so:

> Could not resolve all artifacts for configuration ':classpath'.
   > Could not download ant.jar (org.apache.ant:ant:1.10.7)
      > Could not get resource 'https://plugins.gradle.org/m2/org/apache/ant/ant/1.10.7/ant-1.10.7.jar'.
         > Could not GET 'https://d29vzk4ow07wi7.cloudfront.net/dab4d3b2e45b73aec95cb25ce5050a651ad060f50f74662bbc3c1cb406ec1d19?response-content-disposition=attachment%3Bfilename%3D%22ant-1.10.7.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvZGFiNGQzYjJlNDViNzNhZWM5NWNiMjVjZTUwNTBhNjUxYWQwNjBmNTBmNzQ2NjJiYmMzYzFjYjQwNmVjMWQxOT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmFudC0xLjEwLjcuamFyJTIyIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNTc3MjI1ODkwfSwiSXBBZGRyZXNzIjp7IkFXUzpTb3VyY2VJcCI6IjAuMC4wLjAvMCJ9fX1dfQ__&Signature=ISJR8qI9MEp9XTOmnkfWQmJVckJQDhtl2baSOImfCUfL2apqpd4CQF9DfzNE7aiDZ4DQL-gzkAh6Nbg6XiqGuGTgXZnPCs3cm2vKN83XtevIcGw5u3vh6n-iiN7l7TXSIk-NB8jbebaCjdp9ZTf~EkWcJwM5OPBNlka1SAr0H4P6Zs6aG1gsWAv2FUts5RqubXBdsbo9HwAbBYTES2MKF~EyPzRd5U8hu-X72S4UdK-oLzNGa~xAVTynIczYFl0aA-QDZwV783wCpfspr6o87nAR4lbxqLe5c9xoPFyQwSvwNn-sZimU2IwhDRl2eNxCuRQjgB8yprcfC-Hfzt8EKw__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'.
            > sun.security.validator.ValidatorException: TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Gradle/Java version:

------------------------------------------------------------
Gradle 5.6.2
------------------------------------------------------------

Build time:   2019-09-05 16:13:54 UTC
Revision:     55a5e53d855db8fc7b0e494412fc624051a8e781

Kotlin:       1.3.41
Groovy:       2.5.4
Ant:          Apache Ant(TM) version 1.9.14 compiled on March 12 2019
JVM:          1.8.0_212 (Oracle Corporation 25.212-b03)
OS:           Linux 4.15.0-1056-aws amd64

Here’s the output I get from your ‘curl’ request:

# curl -v https://d29vzk4ow07wi7.cloudfront.net
* Rebuilt URL to: https://d29vzk4ow07wi7.cloudfront.net/
*   Trying 13.224.68.155...
* Connected to d29vzk4ow07wi7.cloudfront.net (13.224.68.155) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: *.cloudfront.net (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: C=US,ST=Washington,L=Seattle,O=Amazon.com\, Inc.,CN=*.cloudfront.net
*        start date: Wed, 17 Jul 2019 00:00:00 GMT
*        expire date: Sun, 05 Jul 2020 12:00:00 GMT
*        issuer: C=US,O=DigiCert Inc,CN=DigiCert Global CA G2
*        compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: d29vzk4ow07wi7.cloudfront.net
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: CloudFront
< Date: Tue, 24 Dec 2019 22:22:00 GMT
< Content-Type: text/xml
< Content-Length: 146
< Connection: keep-alive
< X-Cache: Error from cloudfront
< Via: 1.1 5e2b2bef8be6bee05fe23de3ed9e3a6e.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: DUB2-C1
< X-Amz-Cf-Id: TsxPzizaCk4WNpxgj5NtZhDMzyYY1mSdbY5BLgfNEzwDnlcDFhVHvg==
<
* Connection #0 to host d29vzk4ow07wi7.cloudfront.net left intact
<?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query parameter or cookie value</Message></Error>

twwwt · December 25, 2019, 10:20am

After trying your suggestion, I have less of a clue of what is going on here. Just ran the following two commands on the same machine, and the same Gradle, Java versions as before:

This works:

$ curl -L -v https://plugins.gradle.org/m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar --output httpcore-4.2.1.jar
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 104.18.191.9...
* TCP_NODELAY set
* Connected to plugins.gradle.org (104.18.191.9) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [224 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [106 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2166 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [115 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=gradle.org
*  start date: Jan 25 00:00:00 2019 GMT
*  expire date: Jan 25 12:00:00 2020 GMT
*  subjectAltName: host "plugins.gradle.org" matched cert's "*.gradle.org"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.
> GET /m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar HTTP/1.1
> Host: plugins.gradle.org
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 303 See Other
< Date: Wed, 25 Dec 2019 10:09:28 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d41f56c224f1daa8d28102c09bb71d3cf1577268568; expires=Fri, 24-Jan-20 10:09:28 GMT; path=/; domain=.gradle.org; HttpOnly; SameSite=Lax; Secure
< Location: https://jcenter.bintray.com/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar
< X-Frame-Options: DENY
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Permitted-Cross-Domain-Policies: master-only
< Via: 1.1 vegur
< CF-Cache-Status: HIT
< Age: 938
< Expires: Wed, 25 Dec 2019 22:09:28 GMT
< Cache-Control: public, max-age=43200
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 54aa050a8b29cc56-ZRH
< 
* Ignoring the response-body
{ [5 bytes data]
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host plugins.gradle.org left intact
* Issue another request to this URL: 'https://jcenter.bintray.com/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar'
*   Trying 3.124.133.231...
* TCP_NODELAY set
* Connected to jcenter.bintray.com (3.124.133.231) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [225 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [89 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2765 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.bintray.com
*  start date: Sep 26 00:00:00 2019 GMT
*  expire date: Nov  9 12:00:00 2021 GMT
*  subjectAltName: host "jcenter.bintray.com" matched cert's "*.bintray.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
*  SSL certificate verify ok.
> GET /org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar HTTP/1.1
> Host: jcenter.bintray.com
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 302 
< Server: nginx
< Date: Wed, 25 Dec 2019 10:09:28 GMT
< Content-Length: 0
< Connection: keep-alive
< Location: https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NzI2OTIzMH0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=Ty3NtR0XJRNFBVqYwzP54fyfuElab8Yy-XcSx8xcE7YbjDKC~5mAlq0nBfnqH2LwBaFKsNvIsLgqqO6QUjI89T2dIfRkoVchRjktZvAuhLwW22pNRyY-zHz8RpKJ7gwcsfZc9ZOCNmj9AzAlrYsK-E4qV0-znb1GFK9N6WWDCf4fCIlYpg4W5tEqIwrJa-rHmoC6bhZIvvRfx078T8DT9CvDqO9D29X3TbATQLWV~zd6s9~HqrnjMuJv5~OUJLRNLarY3eF~3EjVoyzHE~w9veD7mauCEU2QdEQxq3LF0iDZVbR464rOjhj1Bwx3ZDRloWPNeDOtDR5~cY-wW-QuMw__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA
< 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #1 to host jcenter.bintray.com left intact
* Issue another request to this URL: 'https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NzI2OTIzMH0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=Ty3NtR0XJRNFBVqYwzP54fyfuElab8Yy-XcSx8xcE7YbjDKC~5mAlq0nBfnqH2LwBaFKsNvIsLgqqO6QUjI89T2dIfRkoVchRjktZvAuhLwW22pNRyY-zHz8RpKJ7gwcsfZc9ZOCNmj9AzAlrYsK-E4qV0-znb1GFK9N6WWDCf4fCIlYpg4W5tEqIwrJa-rHmoC6bhZIvvRfx078T8DT9CvDqO9D29X3TbATQLWV~zd6s9~HqrnjMuJv5~OUJLRNLarY3eF~3EjVoyzHE~w9veD7mauCEU2QdEQxq3LF0iDZVbR464rOjhj1Bwx3ZDRloWPNeDOtDR5~cY-wW-QuMw__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'
*   Trying 13.226.175.89...
* TCP_NODELAY set
* Connected to d29vzk4ow07wi7.cloudfront.net (13.226.175.89) port 443 (#2)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [235 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [91 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4016 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.cloudfront.net
*  start date: Jul 17 00:00:00 2019 GMT
*  expire date: Jul  5 12:00:00 2020 GMT
*  subjectAltName: host "d29vzk4ow07wi7.cloudfront.net" matched cert's "*.cloudfront.net"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert Global CA G2
*  SSL certificate verify ok.
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0> GET /2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NzI2OTIzMH0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=Ty3NtR0XJRNFBVqYwzP54fyfuElab8Yy-XcSx8xcE7YbjDKC~5mAlq0nBfnqH2LwBaFKsNvIsLgqqO6QUjI89T2dIfRkoVchRjktZvAuhLwW22pNRyY-zHz8RpKJ7gwcsfZc9ZOCNmj9AzAlrYsK-E4qV0-znb1GFK9N6WWDCf4fCIlYpg4W5tEqIwrJa-rHmoC6bhZIvvRfx078T8DT9CvDqO9D29X3TbATQLWV~zd6s9~HqrnjMuJv5~OUJLRNLarY3eF~3EjVoyzHE~w9veD7mauCEU2QdEQxq3LF0iDZVbR464rOjhj1Bwx3ZDRloWPNeDOtDR5~cY-wW-QuMw__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA HTTP/1.1
> Host: d29vzk4ow07wi7.cloudfront.net
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/unknown
< Content-Length: 223374
< Connection: keep-alive
< Date: Wed, 25 Dec 2019 10:02:31 GMT
< Last-Modified: Fri, 04 Apr 2014 00:49:24 GMT
< ETag: "a777e8a2af991b8f1d07b23e77831aaf"
< Content-Disposition: attachment;filename="httpcore-4.2.1.jar"
< Accept-Ranges: bytes
< Server: AmazonS3
< X-Cache: Hit from cloudfront
< Via: 1.1 fac4aa0a37eb414ea7428e42f604df90.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: MXP64-C3
< X-Amz-Cf-Id: ZEDRHHFtYvDqDKFmhbzFrukuu_p7XtTKUOHA6uowhv5QXsurLjnAZw==
< Age: 419
< 
{ [16360 bytes data]
100  218k  100  218k    0     0   370k      0 --:--:-- --:--:-- --:--:-- 1154k
* Connection #2 to host d29vzk4ow07wi7.cloudfront.net left intact

The Gradle build still does not work:

$ gradle -stop
Stopping Daemon(s)
1 Daemon stopped
$ rm -rf .gradle/
$ gradle clean build
Starting a Gradle Daemon, 2 stopped Daemons could not be reused, use --status for details

FAILURE: Build failed with an exception.

* What went wrong:
Could not resolve all artifacts for configuration 'classpath'.
> Could not download httpclient-4.2.1.jar (org.apache.httpcomponents:httpclient:4.2.1)
   > Could not get resource 'https://plugins.gradle.org/m2/org/apache/httpcomponents/httpclient/4.2.1/httpclient-4.2.1.jar'.
      > Could not GET 'https://d29vzk4ow07wi7.cloudfront.net/b69bd03af60bf487b3ae1209a644ecac587bf6fc?response-content-disposition=attachment%3Bfilename%3D%22httpclient-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvYjY5YmQwM2FmNjBiZjQ4N2IzYWUxMjA5YTY0NGVjYWM1ODdiZjZmYz9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjbGllbnQtNC4yLjEuamFyJTIyIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNTc3MjY4OTk0fSwiSXBBZGRyZXNzIjp7IkFXUzpTb3VyY2VJcCI6IjAuMC4wLjAvMCJ9fX1dfQ__&Signature=H6beeA3L51A37bwEBzWK0iwzgwL-hUzZF3z5u5blCKP4pOEJkvT2msUA7lWpAeKxKDkqmzvJ9X1W2GLXmYdyQF97iUr4QPnWzkUkmbZlgoUW-82VKBRHqNgfh6KjDPWQ3EwX7MABJWAqQf-2UBkqz3abY7O9HEmFHDaEuCOJQ813-8r16rmi-NZ4L~H0WPTIWJfZrIoKfYtJsfP~wurCVw91DvTTRpMjSuzUOazHdJekrZ4KUE5tHb32TdvYdXG5ac5n7JptxFqChcivx5oDvk6H1Y-Z3t8zvvsvwYTqyAOyjOR9sKKxcElw7PRhmRlPha6ZqnHL7qonFeNOFZ3ZXQ__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'.
         > TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
> Could not download httpcore-4.2.1.jar (org.apache.httpcomponents:httpcore:4.2.1)
   > Could not get resource 'https://plugins.gradle.org/m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar'.
      > Could not GET 'https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NzI2OTY0N30sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=Y-792nQjxEydggaLX2vR~8sJ88pa5Vgi8zltDkK18MT4Me6snWW2XOiRaU8AuH7Mlg9INZe414IrNC42ZXzKOh6EUOPgWjcOOc6l02kMKrzq~SvRR5dWwpL-zoYEsvpTZ~1sJf8SeDdR-8Zf6yCnq~4HyqhwhlWPMwdoEyon3IqrfTmyLr8dpqWspAMOYutAfGjlJyQJvjvvNEKbeE8E~clfwenTN5sK5FFmh5eLIegGuRc4lWHeozmeNe~lmFCSOr~dDqmwOvIY-K7VZv5Fjnhag3xqkgz2rSbpfgrpeF7Lt~oqZVR8V7LZI2b1YcHN5Gr2lq7ImZGhotdmWZunNg__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'.
         > TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 5s

twwwt · December 25, 2019, 10:42am

Just in case it helps, here is a debug output excerpt of the failing build (cannot post entire output due to message size limit here):

2019-12-25T11:23:18.899+0100 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Opening connection {s}->https://d29vzk4ow07wi7.cloudfront.net:443
2019-12-25T11:23:18.902+0100 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Connection can be kept alive indefinitely
2019-12-25T11:23:18.903+0100 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection [id: 9][route: {s}->https://jcenter.bintray.com:443] can be kept alive indefinitely
2019-12-25T11:23:18.903+0100 [DEBUG] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] http-outgoing-9: set socket timeout to 0
2019-12-25T11:23:18.903+0100 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection released: [id: 9][route: {s}->https://jcenter.bintray.com:443][total kept alive: 4; route allocated: 2 of 20; total allocated: 5 of 20]
2019-12-25T11:23:18.903+0100 [DEBUG] [org.gradle.internal.resource.transport.http.AlwaysRedirectRedirectStrategy] Redirect requested to location 'https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NzI2OTYwN30sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=SvB2aGp9WHBvmDQ~USbp3Mn-XfLCizKYE-8Kc0d73ASGGkbsmmRh7VaSHBK4lAS8KUMFicJJEPXU7HNSVg5iCaNJtGsDjy-OEXduWG6MvyDJ10Z4-OBglYgTcNQtLb9aLuwzNIKL4Opjjv59wzs2L4QXhOPwNUJFhCCIAeR~edh3Em80X5xsI7rgU3YG910LS9vRLJoBCLhqdUJLQEzPJErcPycE5lm4-JXz8qhS5taB8adBi3D~w5w~pwdcVP39NS4aWk9iYHg7cMWQFb79tkxoTKaolqL1Kv47EIc2Luau2JimjJWxOaYPAm8LdsX0-031C7lpUsWd~eIF1atI~g__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'
2019-12-25T11:23:18.903+0100 [DEBUG] [org.apache.http.impl.execchain.RedirectExec] Resetting target auth state
2019-12-25T11:23:18.904+0100 [DEBUG] [org.apache.http.impl.execchain.RedirectExec] Redirecting to 'https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NzI2OTYwN30sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=SvB2aGp9WHBvmDQ~USbp3Mn-XfLCizKYE-8Kc0d73ASGGkbsmmRh7VaSHBK4lAS8KUMFicJJEPXU7HNSVg5iCaNJtGsDjy-OEXduWG6MvyDJ10Z4-OBglYgTcNQtLb9aLuwzNIKL4Opjjv59wzs2L4QXhOPwNUJFhCCIAeR~edh3Em80X5xsI7rgU3YG910LS9vRLJoBCLhqdUJLQEzPJErcPycE5lm4-JXz8qhS5taB8adBi3D~w5w~pwdcVP39NS4aWk9iYHg7cMWQFb79tkxoTKaolqL1Kv47EIc2Luau2JimjJWxOaYPAm8LdsX0-031C7lpUsWd~eIF1atI~g__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA' via {s}->https://d29vzk4ow07wi7.cloudfront.net:443
2019-12-25T11:23:18.904+0100 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: default
2019-12-25T11:23:18.904+0100 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
2019-12-25T11:23:18.904+0100 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection request: [route: {s}->https://d29vzk4ow07wi7.cloudfront.net:443][total kept alive: 4; route allocated: 1 of 20; total allocated: 5 of 20]
2019-12-25T11:23:18.904+0100 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection leased: [id: 11][route: {s}->https://d29vzk4ow07wi7.cloudfront.net:443][total kept alive: 4; route allocated: 2 of 20; total allocated: 6 of 20]
2019-12-25T11:23:18.904+0100 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Opening connection {s}->https://d29vzk4ow07wi7.cloudfront.net:443
2019-12-25T11:23:18.959+0100 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connecting to d29vzk4ow07wi7.cloudfront.net/52.222.149.231:443
2019-12-25T11:23:18.959+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Connecting socket to d29vzk4ow07wi7.cloudfront.net/52.222.149.231:443 with timeout 30000
2019-12-25T11:23:18.959+0100 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connecting to d29vzk4ow07wi7.cloudfront.net/52.222.149.231:443
2019-12-25T11:23:18.959+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Connecting socket to d29vzk4ow07wi7.cloudfront.net/52.222.149.231:443 with timeout 30000
2019-12-25T11:23:18.987+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Enabled protocols: [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
2019-12-25T11:23:18.987+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Enabled protocols: [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
2019-12-25T11:23:18.988+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Enabled cipher suites:[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2019-12-25T11:23:18.988+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Starting handshake
2019-12-25T11:23:18.988+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Enabled cipher suites:[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2019-12-25T11:23:18.988+0100 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Starting handshake
2019-12-25T11:23:19.030+0100 [DEBUG] [jdk.event.security] ValidationChain: 303010488, -1701567536, 767446962, -1082064671
2019-12-25T11:23:19.030+0100 [DEBUG] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] http-outgoing-11: Shutdown connection
2019-12-25T11:23:19.030+0100 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Connection discarded
2019-12-25T11:23:19.030+0100 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection released: [id: 11][route: {s}->https://d29vzk4ow07wi7.cloudfront.net:443][total kept alive: 4; route allocated: 1 of 20; total allocated: 5 of 20]
2019-12-25T11:23:19.031+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Download https://plugins.gradle.org/m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar'
2019-12-25T11:23:19.031+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Download https://plugins.gradle.org/m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar' completed
2019-12-25T11:23:19.032+0100 [DEBUG] [org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleComponentRepository] Downloaded artifact 'httpcore-4.2.1.jar (org.apache.httpcomponents:httpcore:4.2.1)' from resolver: Gradle Central Plugin Repository
2019-12-25T11:23:19.032+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Resolve httpcore-4.2.1.jar (org.apache.httpcomponents:httpcore:4.2.1)'
2019-12-25T11:23:19.032+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Resolve httpcore-4.2.1.jar (org.apache.httpcomponents:httpcore:4.2.1)' completed
2019-12-25T11:23:19.032+0100 [DEBUG] [org.gradle.internal.work.DefaultWorkerLeaseService] Worker lease root.1.2.6 completed (1 worker(s) in use)
2019-12-25T11:23:19.032+0100 [DEBUG] [org.gradle.internal.resources.AbstractTrackedResourceLock] Daemon worker Thread 2: released lock on root.1.2.6
2019-12-25T11:23:19.033+0100 [DEBUG] [jdk.event.security] ValidationChain: 303010488, -1701567536, 767446962, -1082064671
2019-12-25T11:23:19.033+0100 [DEBUG] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] http-outgoing-10: Shutdown connection
2019-12-25T11:23:19.033+0100 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Connection discarded
2019-12-25T11:23:19.033+0100 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection released: [id: 10][route: {s}->https://d29vzk4ow07wi7.cloudfront.net:443][total kept alive: 4; route allocated: 0 of 20; total allocated: 4 of 20]
2019-12-25T11:23:19.034+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Download https://plugins.gradle.org/m2/org/apache/httpcomponents/httpclient/4.2.1/httpclient-4.2.1.jar'
2019-12-25T11:23:19.034+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Download https://plugins.gradle.org/m2/org/apache/httpcomponents/httpclient/4.2.1/httpclient-4.2.1.jar' completed
2019-12-25T11:23:19.034+0100 [DEBUG] [org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleComponentRepository] Downloaded artifact 'httpclient-4.2.1.jar (org.apache.httpcomponents:httpclient:4.2.1)' from resolver: Gradle Central Plugin Repository
2019-12-25T11:23:19.034+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Resolve httpclient-4.2.1.jar (org.apache.httpcomponents:httpclient:4.2.1)'
2019-12-25T11:23:19.035+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Resolve httpclient-4.2.1.jar (org.apache.httpcomponents:httpclient:4.2.1)' completed
2019-12-25T11:23:19.035+0100 [DEBUG] [org.gradle.internal.work.DefaultWorkerLeaseService] Worker lease root.1.2.3 completed (1 worker(s) in use)
2019-12-25T11:23:19.035+0100 [DEBUG] [org.gradle.internal.resources.AbstractTrackedResourceLock] Build operations Thread 2: released lock on root.1.2.3
2019-12-25T11:23:19.035+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Resolve files of classpath'
2019-12-25T11:23:19.035+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Resolve files of classpath' completed
2019-12-25T11:23:19.035+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Apply script settings.gradle to settings 'gradle-js-plugin''
2019-12-25T11:23:19.035+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Apply script settings.gradle to settings 'gradle-js-plugin'' completed
2019-12-25T11:23:19.036+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Evaluate settings'
2019-12-25T11:23:19.036+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Evaluate settings' completed
2019-12-25T11:23:19.036+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Load build'
2019-12-25T11:23:19.036+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Load build' completed
2019-12-25T11:23:19.037+0100 [DEBUG] [org.gradle.internal.work.DefaultWorkerLeaseService] Worker lease root.1 completed (0 worker(s) in use)
2019-12-25T11:23:19.037+0100 [DEBUG] [org.gradle.internal.resources.AbstractTrackedResourceLock] Daemon worker Thread 2: released lock on root.1
2019-12-25T11:23:19.037+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] FAILURE: Build failed with an exception.
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * What went wrong:
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Could not resolve all artifacts for configuration 'classpath'.
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] > Could not download httpclient-4.2.1.jar (org.apache.httpcomponents:httpclient:4.2.1)
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter]    > Could not get resource 'https://plugins.gradle.org/m2/org/apache/httpcomponents/httpclient/4.2.1/httpclient-4.2.1.jar'.
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter]       > Could not GET 'https://d29vzk4ow07wi7.cloudfront.net/b69bd03af60bf487b3ae1209a644ecac587bf6fc?response-content-disposition=attachment%3Bfilename%3D%22httpclient-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvYjY5YmQwM2FmNjBiZjQ4N2IzYWUxMjA5YTY0NGVjYWM1ODdiZjZmYz9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjbGllbnQtNC4yLjEuamFyJTIyIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNTc3MjY5NzIzfSwiSXBBZGRyZXNzIjp7IkFXUzpTb3VyY2VJcCI6IjAuMC4wLjAvMCJ9fX1dfQ__&Signature=hM5ABSSkPgahxpisUwQqJOmOpzuqOCJVOBeVT0fypFiWKatpAkulB6aFc~lcsNfBlsZGjC8gDKK0En382b-~9sJjouoRQGpWnh2yA0b1GvHSKq7hNH9m2es-fdWLcNGuGqq5u3PGJhmg34TGQjSxQ5~cScArK~FhOLyBaC82PASzYNbHWdYg69OXCKGVNjWEyborXEtUfFJyfPpW9cUaAqh9t27s46PUQwaLLRyXk7MdDn44GzWUVPwf669R0piJCMBLQFKTkt6Arr-t~xigzxpGFLb3X1Qme0QaldSyCbzklLRZWL--jWvAoS2dLn9CFoH7jrFoqz1du6sMWNB8Bw__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'.
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter]          > TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] > Could not download httpcore-4.2.1.jar (org.apache.httpcomponents:httpcore:4.2.1)
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter]    > Could not get resource 'https://plugins.gradle.org/m2/org/apache/httpcomponents/httpcore/4.2.1/httpcore-4.2.1.jar'.
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter]       > Could not GET 'https://d29vzk4ow07wi7.cloudfront.net/2d503272bf0a8b5f92d64db78b4ba9abbaccc6fd?response-content-disposition=attachment%3Bfilename%3D%22httpcore-4.2.1.jar%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMmQ1MDMyNzJiZjBhOGI1ZjkyZDY0ZGI3OGI0YmE5YWJiYWNjYzZmZD9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMmh0dHBjb3JlLTQuMi4xLmphciUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU3NzI2OTYwN30sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=SvB2aGp9WHBvmDQ~USbp3Mn-XfLCizKYE-8Kc0d73ASGGkbsmmRh7VaSHBK4lAS8KUMFicJJEPXU7HNSVg5iCaNJtGsDjy-OEXduWG6MvyDJ10Z4-OBglYgTcNQtLb9aLuwzNIKL4Opjjv59wzs2L4QXhOPwNUJFhCCIAeR~edh3Em80X5xsI7rgU3YG910LS9vRLJoBCLhqdUJLQEzPJErcPycE5lm4-JXz8qhS5taB8adBi3D~w5w~pwdcVP39NS4aWk9iYHg7cMWQFb79tkxoTKaolqL1Kv47EIc2Luau2JimjJWxOaYPAm8LdsX0-031C7lpUsWd~eIF1atI~g__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA'.
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter]          > TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * Try:
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Run with --stacktrace option to get the stack trace.  Run with --scan to get full insights.
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * Get more help at https://help.gradle.org
2019-12-25T11:23:19.038+0100 [ERROR] [org.gradle.internal.buildevents.BuildResultLogger] 
2019-12-25T11:23:19.039+0100 [ERROR] [org.gradle.internal.buildevents.BuildResultLogger] BUILD FAILED in 2s
2019-12-25T11:23:19.039+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Run build'
2019-12-25T11:23:19.039+0100 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Run build' completed
2019-12-25T11:23:19.058+0100 [DEBUG] [org.gradle.api.internal.artifacts.ivyservice.resolveengine.store.CachedStoreFactory] Resolution result cache closed. Cache reads: 0, disk reads: 0 (avg: 0.0 secs, total: 0.0 secs)
2019-12-25T11:23:19.058+0100 [DEBUG] [org.gradle.api.internal.artifacts.ivyservice.resolveengine.store.CachedStoreFactory] Resolution result cache closed. Cache reads: 0, disk reads: 0 (avg: 0.0 secs, total: 0.0 secs)
2019-12-25T11:23:19.058+0100 [DEBUG] [org.gradle.api.internal.artifacts.ivyservice.resolveengine.store.ResolutionResultsStoreFactory] Deleted 2 resolution results binary files in 0.002 secs
2019-12-25T11:23:19.060+0100 [DEBUG] [org.gradle.cache.internal.LockOnDemandCrossProcessCacheAccess] Releasing file lock for cache directory md-supplier (/Users/t/.gradle/caches/6.0.1/md-supplier)
2019-12-25T11:23:19.060+0100 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Releasing lock on cache directory md-supplier (/Users/t/.gradle/caches/6.0.1/md-supplier).
2019-12-25T11:23:19.060+0100 [DEBUG] [org.gradle.cache.internal.LockOnDemandCrossProcessCacheAccess] Releasing file lock for cache directory md-rule (/Users/t/.gradle/caches/6.0.1/md-rule)
2019-12-25T11:23:19.061+0100 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Releasing lock on cache directory md-rule (/Users/t/.gradle/caches/6.0.1/md-rule).
2019-12-25T11:23:19.063+0100 [DEBUG] [org.gradle.deployment.internal.DefaultDeploymentRegistry] Stopping 0 deployment handles
2019-12-25T11:23:19.063+0100 [DEBUG] [org.gradle.deployment.internal.DefaultDeploymentRegistry] Stopped deployment handles
2019-12-25T11:23:19.063+0100 [DEBUG] [org.gradle.cache.internal.LockOnDemandCrossProcessCacheAccess] Releasing file lock for file hash cache (/Users/t/development/gradle-js-plugin/.gradle/6.0.1/fileHashes)
2019-12-25T11:23:19.063+0100 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Releasing lock on file hash cache (/Users/t/development/gradle-js-plugin/.gradle/6.0.1/fileHashes).
2019-12-25T11:23:19.064+0100 [DEBUG] [org.gradle.cache.internal.DefaultPersistentDirectoryStore] VCS Checkout Cache (/Users/t/development/gradle-js-plugin/.gradle/vcs-1) has last been fully cleaned up 0 hours ago
2019-12-25T11:23:19.064+0100 [DEBUG] [org.gradle.cache.internal.DefaultCacheAccess] Cache VCS Checkout Cache (/Users/t/development/gradle-js-plugin/.gradle/vcs-1) was closed 0 times.
2019-12-25T11:23:19.064+0100 [DEBUG] [org.gradle.cache.internal.DefaultCacheAccess] Cache VCS metadata (/Users/t/development/gradle-js-plugin/.gradle/6.0.1/vcsMetadata-1) was closed 0 times.
2019-12-25T11:23:19.067+0100 [DEBUG] [org.gradle.launcher.daemon.server.exec.ExecuteBuild] The daemon has finished executing the build.
2019-12-25T11:23:19.123+0100 [DEBUG] [org.gradle.launcher.daemon.client.DaemonClientInputForwarder] Dispatching close input message: org.gradle.launcher.daemon.protocol.CloseInput@6f7b6b0a
2019-12-25T11:23:19.124+0100 [DEBUG] [org.gradle.launcher.daemon.client.DaemonClientConnection] thread 16: dispatching class org.gradle.launcher.daemon.protocol.CloseInput
2019-12-25T11:23:19.124+0100 [DEBUG] [org.gradle.launcher.daemon.client.DaemonClient] Received result Success[value=org.gradle.launcher.exec.BuildActionResult@74c79fa2] from daemon DaemonInfo{pid=2490, address=[7ebc54ab-445f-413a-8572-7934b02ce987 port:50648, addresses:[/0:0:0:0:0:0:0:1, /127.0.0.1]], state=Idle, lastBusy=1577268923398, context=DefaultDaemonContext[uid=bf2f2e4d-8367-47ed-852d-b5032248b24c,javaHome=/Library/Java/JavaVirtualMachines/jdk-11.0.5.jdk/Contents/Home,daemonRegistryDir=/Users/t/.gradle/daemon,pid=2490,idleTimeout=10800000,priority=NORMAL,daemonOpts=--add-opens,java.base/java.util=ALL-UNNAMED,--add-opens,java.base/java.lang=ALL-UNNAMED,--add-opens,java.base/java.lang.invoke=ALL-UNNAMED,--add-opens,java.prefs/java.util.prefs=ALL-UNNAMED,-XX:MaxMetaspaceSize=256m,-XX:+HeapDumpOnOutOfMemoryError,-Xms256m,-Xmx512m,-Dfile.encoding=UTF-8,-Duser.country=CH,-Duser.language=de,-Duser.variant]} (build should be done).
2019-12-25T11:23:19.131+0100 [DEBUG] [org.gradle.launcher.daemon.client.DaemonClientConnection] thread 1: dispatching class org.gradle.launcher.daemon.protocol.Finished
2019-12-25T11:23:19.131+0100 [DEBUG] [org.gradle.launcher.daemon.client.DaemonClientConnection] thread 1: connection stop

JLLeitschuh · December 26, 2019, 3:59pm

Here is the suggestion from JFrog Support:

The user mentioned that downloading with curl works for him and does not result certs issue, therefore we suspect that the issue is with the user JAVA keystore, as Gradle use the JAVA keystore as far as we know, you may know better.
It could be that his JAVA version keystore has an old “*.cloudfront.net” cert cached.
We would suggest to try and upgrade the JAVA version and to check if this resolves the issue or to try the gradle build from a different host that has newer JAVA version.
If we may ask, are you getting the same issue as well when pulling packages?

If upgrading JAVA does not resolve the issue, he may share with us an example project that we could run gradle build on, that reproduces the issue on his end, although its unlikely that the same issue will be reproduced on our environment, as it seems like an environment issue, but still we would try to make sure its an environment issue on the user end.

ShaneK · December 27, 2019, 1:08am

@JLLeitschuh - thanks for the follow-up.

I can’t speak for @twwwt’s particular situation, but after further investigation (and much hair-pulling) it does look as though (in our case at least) the issue is specific to our build environment as the JFrog team suggested.

We currently use a customised Ubuntu 16.04 Docker container for our build/test environment. As part of my investigation, I created a pristine container based on a standard Ubuntu:16.04 image - and then manually installed Java 8 & Gradle (5.6.2) as required. I created a very basic Gradle build file and I was able to download plugin dependencies without issue - indicating that the problem we were experiencing is specific to our customised Docker container.

Upon further inspection of the customised Docker environment with which I was experiencing the issue - it transpires we are using a custom Java ‘cacerts’ file (/etc/ssl/certs/java/cacerts) - overwriting the the OS-supplied one - containing a self-signed CA certificate used to sign SSL certs for various internal servers that we use within our organisation - including an Artifactory server used to serve various libraries to our build environment. The custom certs added to this file aren’t in themselves an issue - but the cacerts file itself is now very out of date. Once I replaced the ‘cacerts’ file with an up-to-date one…hey presto!..we’re back in business! The only reason we’ve recently started seeing this issue is because we updated the Java 8 version used in our Dockerfile from a version which didn’t perform this legacy Symantec CA cert check to a newer version which did.

Martin_Ahrer · December 27, 2019, 1:58pm

Experiencing the same issue. Tried different JDK versions!

------------------------------------------------------------
Gradle 6.0.1
------------------------------------------------------------

Build time:   2019-11-18 20:25:01 UTC
Revision:     fad121066a68c4701acd362daf4287a7c309a0f5

Kotlin:       1.3.50
Groovy:       2.5.8
Ant:          Apache Ant(TM) version 1.10.7 compiled on September 1 2019
JVM:          13.0.1 (AdoptOpenJDK 13.0.1+9)
OS:           Mac OS X 10.14.6 x86_64

twwwt · December 27, 2019, 2:18pm

That might indeed be the same problem for us. I know that we do the same - use a custom keystore, essentially to add a self-signed certificate for a local Artifactory that we run. I just can’t test it right now. I will report back in a few days whether that caused this issue.

Thanks all!

twwwt · January 8, 2020, 12:04pm

To complete this request, we had the same problem. After changing to an up-to-date cacerts file, its working!

ShaneK · January 8, 2020, 12:47pm

Thats good news!

In my case, to try and avoid this problem in future, I updated our Docker build file to add our custom CA certs via keytool to the OS supplied JAVA cacerts file rather than replacing it with a totally custom version (which gradually becomes outdated)