Java SSL issue

1,426 views
Skip to first unread message

Ray Scheufler

unread,
Jan 26, 2016, 9:27:33 AM1/26/16
to Des Moines Hackerspace
I have been banging my head against a wall and I hope that someone can help me figure out the problem.

I have an odroid (like a raspberry pi) that I installed ubuntu 14.04 server on and upgraded to ubuntu 16.04 (I wanted something released but I couldn't convince the upgrade manager of that).  After the upgrade I installed openjdk-8-jdk so that I could build a maven and a gradle project.  When I ask gradle to do a build it attempts to download the gradle zip file from an https site but the ssl verification fails with a "PKIX path validation failed" for the reason that "signature check failed"  I have tried rebuilding the cacerts file a number of times and manually adding certs and have gotten this error message to change a bit (sometimes saying no trusted root or no path to root cert) but no luck in actually getting it to work.

For reference it is trying to download https://services.gradle.org/distributions/gradle-2.10-bin.zip  If I wget the file it works fine. 

I don't care if I have to disable https, for this application I am not concerned about man in the middle attacks poisoning my binaries.  Also, I couldn't figure out how to disable https.

Any suggestions or help are appreciated.  I have port forwarding setup so that I can ssh remotely and can even give you the login credentials for the machine if you think you are able to help.

Ray Scheufler




David Champion

unread,
Jan 26, 2016, 11:56:30 AM1/26/16
to dsmhackerspace
Fix is at the bottom of the thread here:


"Once I realized I had missed the gradlew file I downloaded it and it works."

-dc

--
You received this message because you are subscribed to the Google Groups "Area515 - Des Moines Maker Space" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dsmhackerspac...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ray Scheufler

unread,
Jan 26, 2016, 12:13:27 PM1/26/16
to Des Moines Hackerspace
I correctly have the included gradlew file.

Ray Scheufler

Sean OBryan

unread,
Jan 26, 2016, 12:15:01 PM1/26/16
to dsmhack...@googlegroups.com

Sounds like a poss an ssl issue?

To see if it is an ssl issue, turn off ssl.  If it is, import the self-signed cert (export it from your browser) into your machines java keystore.

 
In your build.gradle file, specify the url for your repo without ssl.

 

As an example build.gradle file with ssl

https://docs.gradle.org/current/userguide/artifact_dependencies_tutorial.html

 

 

apply plugin: 'java'

 

repositories {

    mavenCentral()

}

dependencies {

    compile group: 'org.hibernate', name: 'hibernate-core', version:'3.6.7.Final'

    testCompile group: 'junit', name:'junit', version: '4.+'

}
 

An example build.gradle file without ssl (formatting is bad)

apply plugin: 'java' 

repositories {   
maven {       
url "http://repo1.maven.org/maven2"    }       jcenter {        url "http://jcenter.bintray.com/"    } } 

dependencies {   
compile group: 'org.hibernate', name: 'hibernate-core', version: '3.6.7.Final'   
testCompile group: 'junit', name: 'junit', version: '4.+'}

Jeffrey Ollie

unread,
Jan 26, 2016, 12:59:10 PM1/26/16
to dsmhackerspace

Have you checked to see if the time/date is correct?

Ray Scheufler

unread,
Jan 26, 2016, 1:26:34 PM1/26/16
to Des Moines Hackerspace

Yes, the date command returns the correct date.

Sean, I changed to non https:// and kicked it off. I'll see later.

Does anyone know how to convince maven to also use http?

Sean OBryan

unread,
Jan 26, 2016, 1:35:46 PM1/26/16
to Area515 - Des Moines Maker Space
When running maven using commands.  I think I've used the following in the past:

-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true


http://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs

Ray Scheufler

unread,
Jan 26, 2016, 3:33:46 PM1/26/16
to Des Moines Hackerspace
I think I finally have gradle and maven happy.  Gradle involved modifying the build.gradle to use non https repos.  Maven required creating a settings.xml that had a central repo url with http.  java still doesn't believe in ssl on the odroid but I am at least compiling.

Ray Scheufler

Jeffrey Ollie

unread,
Jan 26, 2016, 3:38:09 PM1/26/16
to dsmhackerspace
Seems like there's a known bug with the root certificates getting configured correctly for Java in Ubuntu... Perhaps that's the issue?

https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760
Jeff Ollie

Ray Scheufler

unread,
Jan 26, 2016, 4:45:27 PM1/26/16
to Des Moines Hackerspace
No, I stumbled upon that before and I have tried it to no avail.  That is what caused the change in failure I was alluding to in the first email.

Ray Scheufler

Matt Stanton

unread,
Jan 26, 2016, 7:23:24 PM1/26/16
to dsmhack...@googlegroups.com
Ray,

Have you tried asking about this on the odoid forums (http://forum.odroid.com/) or IRC channel (#odroid on Freenode)?  I'm sure someone has probably had to deal with all manner of Java headaches there (maybe not the CA certs issue, but you never know).  I never ran into any Java issues on my odroids, but I also tried really hard not to deal with Java in the first place (Java ARM support at the time was really iffy, with them having just released jdk8 on ARM as an alpha or pre-release of some sort and a lot of the newest Java-using programs wanting jdk8 because it was considered stable on x86).

Looking through their forums, I don't see any posts regarding Java not being capable of making SSL/TLS connections, so it might be good to ask there so that if anyone else has this problem and you eventually get it solved they would have it on record.  If you hit up their IRC channel, talk to mdrjr (tell him "Matt" from the forums sent you).

-- Matt (N0BOX)
Reply all
Reply to author
Forward
0 new messages