Closed
Description
The JRE can be set to use the Windows trust store via javax.net.ssl.trustStoreType=Windows-ROOT
.
Gradle seems to have its own trust store handling which does not respect this setting.
As far as I understand the code in DefaultSslContextFactory.java
, there always needs to be a trust store file (javax.net.ssl.trustStore=SOME-FILE
) or code will fall back to use the default JRE files.
Why does gradle not use the Java default method?
Actual problem:
I want to use a maven repository via HTTPS with a special company certificate.
Goal:
Support Windows trust store usage via javax.net.ssl.trustStoreType=Windows-ROOT/MY
as the JRE does.
Metadata
Metadata
Assignees
Type
Projects
Relationships
Development
No branches or pull requests
Activity
wendlm commentedon Sep 28, 2018
We encounter the same problem which is very annoying actually, cause we have to add our own company certificate to the JVM keystore each time we change the JVM.
hbdesiato commentedon Oct 22, 2018
There is a workaorund: Just set
javax.net.ssl.trustStore
to any readable regular file. This file will be ignored if you setjavax.net.ssl.trustStoreType=Windows-ROOT
.Adding the following lines to your gradle.properties file should work:
TTMaZa commentedon Apr 4, 2019
Have you tried
systemProp.javax.net.ssl.trustStore=NUL
justin-michel-boeing commentedon Aug 21, 2019
Setting the trustStore property to the win.ini worked for me, but others on my team now can't build and are getting IOException: Invalid keystore format
Is anyone acknowledging that this is a bug in gradle, and are there plans to fix it?
knolleCC commentedon Jan 27, 2020
Thanks @hbdesiato, this works for me. Still I would appreciate this bug to be fixed and still I wonder why they do not use the default JRE mechanism.
knolleCC commentedon Jan 27, 2020
Uhm, seems I have to apologize. Using Gradle 6.0.1, just specifying "javax.net.ssl.trustStoreType=Windows-ROOT" now works for me. Did they fix this already?
knolleCC commentedon Mar 4, 2020
Hmm, forget what I posted in Jan... it still only works with a file path (trustStore parameter). The code prooves it: https://github.com/gradle/gradle/blob/master/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/DefaultSslContextFactory.java
stale commentedon Mar 4, 2021
This issue has been automatically marked as stale because it has not had recent activity. Given the limited bandwidth of the team, it will be automatically closed if no further activity occurs. If you're interested in how we try to keep the backlog in a healthy state, please read our blog post on how we refine our backlog. If you feel this is something you could contribute, please have a look at our Contributor Guide. Thank you for your contribution.
stale commentedon Mar 25, 2021
This issue has been automatically closed due to inactivity. If you can reproduce this on a recent version of Gradle or if you have a good use case for this feature, please feel free to reopen the issue with steps to reproduce, a quick explanation of your use case or a high-quality pull request.
29 remaining items