Skip to content

Unable to use Windows SSL trust store #6584

Closed
@knolleCC

Description

@knolleCC

The JRE can be set to use the Windows trust store via javax.net.ssl.trustStoreType=Windows-ROOT.
Gradle seems to have its own trust store handling which does not respect this setting.
As far as I understand the code in DefaultSslContextFactory.java, there always needs to be a trust store file (javax.net.ssl.trustStore=SOME-FILE) or code will fall back to use the default JRE files.
Why does gradle not use the Java default method?

Actual problem:
I want to use a maven repository via HTTPS with a special company certificate.

Goal:
Support Windows trust store usage via javax.net.ssl.trustStoreType=Windows-ROOT/MY as the JRE does.

Activity

wendlm

wendlm commented on Sep 28, 2018

@wendlm

We encounter the same problem which is very annoying actually, cause we have to add our own company certificate to the JVM keystore each time we change the JVM.

hbdesiato

hbdesiato commented on Oct 22, 2018

@hbdesiato

There is a workaorund: Just set javax.net.ssl.trustStore to any readable regular file. This file will be ignored if you set javax.net.ssl.trustStoreType=Windows-ROOT.

Adding the following lines to your gradle.properties file should work:

systemProp.javax.net.ssl.trustStore=C:\\Windows\\win.ini
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT

TTMaZa

TTMaZa commented on Apr 4, 2019

@TTMaZa

Have you tried

systemProp.javax.net.ssl.trustStore=NUL

justin-michel-boeing

justin-michel-boeing commented on Aug 21, 2019

@justin-michel-boeing

Setting the trustStore property to the win.ini worked for me, but others on my team now can't build and are getting IOException: Invalid keystore format

Is anyone acknowledging that this is a bug in gradle, and are there plans to fix it?

knolleCC

knolleCC commented on Jan 27, 2020

@knolleCC
Author

Adding the following lines to your gradle.properties file should work:

systemProp.javax.net.ssl.trustStore=C:\\Windows\\win.ini
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT

Thanks @hbdesiato, this works for me. Still I would appreciate this bug to be fixed and still I wonder why they do not use the default JRE mechanism.

knolleCC

knolleCC commented on Jan 27, 2020

@knolleCC
Author

Still I would appreciate this bug to be fixed and still I wonder why they do not use the default JRE mechanism.

Uhm, seems I have to apologize. Using Gradle 6.0.1, just specifying "javax.net.ssl.trustStoreType=Windows-ROOT" now works for me. Did they fix this already?

knolleCC

knolleCC commented on Mar 4, 2020

@knolleCC
Author

Uhm, seems I have to apologize. Using Gradle 6.0.1, just specifying "javax.net.ssl.trustStoreType=Windows-ROOT" now works for me. Did they fix this already?

Hmm, forget what I posted in Jan... it still only works with a file path (trustStore parameter). The code prooves it: https://github.com/gradle/gradle/blob/master/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/DefaultSslContextFactory.java

stale

stale commented on Mar 4, 2021

@stale

This issue has been automatically marked as stale because it has not had recent activity. Given the limited bandwidth of the team, it will be automatically closed if no further activity occurs. If you're interested in how we try to keep the backlog in a healthy state, please read our blog post on how we refine our backlog. If you feel this is something you could contribute, please have a look at our Contributor Guide. Thank you for your contribution.

stale

stale commented on Mar 25, 2021

@stale

This issue has been automatically closed due to inactivity. If you can reproduce this on a recent version of Gradle or if you have a good use case for this feature, please feel free to reopen the issue with steps to reproduce, a quick explanation of your use case or a high-quality pull request.

29 remaining items

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

a:bughas:workaroundIndicates that the issue has a workaroundre:windowsIssue related to using Gradle on Windows

Type

No type

Projects

No projects

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @guai@wolfs@ghale@wendlm@ov7a

      Issue actions

        Unable to use Windows SSL trust store · Issue #6584 · gradle/gradle