Skip to content

Unable to use Windows SSL trust store #6584

New issue
New issue
Closed
Closed
Unable to use Windows SSL trust store#6584
Assignees
ov7a
Labels
a:bughas:workaroundIndicates that the issue has a workaroundre:windowsIssue related to using Gradle on Windows
Milestone
 
8.3 RC1
@knolleCC

Description

@knolleCC
knolleCC
opened on Aug 31, 2018

The JRE can be set to use the Windows trust store via javax.net.ssl.trustStoreType=Windows-ROOT.
Gradle seems to have its own trust store handling which does not respect this setting.
As far as I understand the code in DefaultSslContextFactory.java, there always needs to be a trust store file (javax.net.ssl.trustStore=SOME-FILE) or code will fall back to use the default JRE files.
Why does gradle not use the Java default method?

Actual problem:
I want to use a maven repository via HTTPS with a special company certificate.

Goal:
Support Windows trust store usage via javax.net.ssl.trustStoreType=Windows-ROOT/MY as the JRE does.

Activity

wendlm

wendlm commented on Sep 28, 2018

@wendlm
wendlm
on Sep 28, 2018

We encounter the same problem which is very annoying actually, cause we have to add our own company certificate to the JVM keystore each time we change the JVM.

hbdesiato

hbdesiato commented on Oct 22, 2018

@hbdesiato
hbdesiato
on Oct 22, 2018

There is a workaorund: Just set javax.net.ssl.trustStore to any readable regular file. This file will be ignored if you set javax.net.ssl.trustStoreType=Windows-ROOT.

Adding the following lines to your gradle.properties file should work:

systemProp.javax.net.ssl.trustStore=C:\\Windows\\win.ini
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT
ghale
added
in:core
a:bug
from:contributor
on Feb 15, 2019
TTMaZa

TTMaZa commented on Apr 4, 2019

@TTMaZa
TTMaZa
on Apr 4, 2019 · edited by TTMaZa

Have you tried

systemProp.javax.net.ssl.trustStore=NUL

justin-michel-boeing

justin-michel-boeing commented on Aug 21, 2019

@justin-michel-boeing
justin-michel-boeing
on Aug 21, 2019

Setting the trustStore property to the win.ini worked for me, but others on my team now can't build and are getting IOException: Invalid keystore format

Is anyone acknowledging that this is a bug in gradle, and are there plans to fix it?

noetro
mentioned this on Nov 29, 2019
knolleCC

knolleCC commented on Jan 27, 2020

@knolleCC
knolleCC
on Jan 27, 2020
Author

Adding the following lines to your gradle.properties file should work:

systemProp.javax.net.ssl.trustStore=C:\\Windows\\win.ini
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT

Thanks @hbdesiato, this works for me. Still I would appreciate this bug to be fixed and still I wonder why they do not use the default JRE mechanism.

knolleCC

knolleCC commented on Jan 27, 2020

@knolleCC
knolleCC
on Jan 27, 2020
Author

Still I would appreciate this bug to be fixed and still I wonder why they do not use the default JRE mechanism.

Uhm, seems I have to apologize. Using Gradle 6.0.1, just specifying "javax.net.ssl.trustStoreType=Windows-ROOT" now works for me. Did they fix this already?

knolleCC

knolleCC commented on Mar 4, 2020

@knolleCC
knolleCC
on Mar 4, 2020
Author

Uhm, seems I have to apologize. Using Gradle 6.0.1, just specifying "javax.net.ssl.trustStoreType=Windows-ROOT" now works for me. Did they fix this already?

Hmm, forget what I posted in Jan... it still only works with a file path (trustStore parameter). The code prooves it: https://github.com/gradle/gradle/blob/master/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/DefaultSslContextFactory.java

stale

stale commented on Mar 4, 2021

@stale
stalebot
on Mar 4, 2021

This issue has been automatically marked as stale because it has not had recent activity. Given the limited bandwidth of the team, it will be automatically closed if no further activity occurs. If you're interested in how we try to keep the backlog in a healthy state, please read our blog post on how we refine our backlog. If you feel this is something you could contribute, please have a look at our Contributor Guide. Thank you for your contribution.

stale
added
stale
on Mar 4, 2021
stale

stale commented on Mar 25, 2021

@stale
stalebot
on Mar 25, 2021

This issue has been automatically closed due to inactivity. If you can reproduce this on a recent version of Gradle or if you have a good use case for this feature, please feel free to reopen the issue with steps to reproduce, a quick explanation of your use case or a high-quality pull request.

stale
closed this as completedon Mar 25, 2021

29 remaining items

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

a:bughas:workaroundIndicates that the issue has a workaroundre:windowsIssue related to using Gradle on Windows

Type

No type

Projects

No projects

Milestone

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @guai@wolfs@ghale@wendlm@ov7a

      Issue actions
        Unable to use Windows SSL trust store · Issue #6584 · gradle/gradle