Java SSL issue

[Ray Scheufler]

I have been banging my head against a wall and I hope that someone can help me figure out the problem.

I have an odroid (like a raspberry pi) that I installed ubuntu 14.04 server on and upgraded to ubuntu 16.04 (I wanted something released but I couldn't convince the upgrade manager of that).  After the upgrade I installed openjdk-8-jdk so that I could build a maven and a gradle project.  When I ask gradle to do a build it attempts to download the gradle zip file from an https site but the ssl verification fails with a "PKIX path validation failed" for the reason that "signature check failed"  I have tried rebuilding the cacerts file a number of times and manually adding certs and have gotten this error message to change a bit (sometimes saying no trusted root or no path to root cert) but no luck in actually getting it to work.

For reference it is trying to download https://services.gradle.org/distributions/gradle-2.10-bin.zip  If I wget the file it works fine. 

I don't care if I have to disable https, for this application I am not concerned about man in the middle attacks poisoning my binaries.  Also, I couldn't figure out how to disable https.

Any suggestions or help are appreciated.  I have port forwarding setup so that I can ssh remotely and can even give you the login credentials for the machine if you think you are able to help.

Ray Scheufler

[David Champion]

Fix is at the bottom of the thread here:

https://discuss.gradle.org/t/gradle-1-12-wrapper-fails-unable-to-find-valid-certification-path-to-requested-target/2079/3

"Once I realized I had missed the gradlew file I downloaded it and it works."

-dc

--
You received this message because you are subscribed to the Google Groups "Area515 - Des Moines Maker Space" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dsmhackerspac...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ray Scheufler]

I correctly have the included gradlew file.

Ray Scheufler

[Sean OBryan]

Sounds like a poss an ssl issue?

To see if it is an ssl issue, turn off ssl.  If it is, import the self-signed cert (export it from your browser) into your machines java keystore.

 
In your build.gradle file, specify the url for your repo without ssl.

 

As an example build.gradle file with ssl

https://docs.gradle.org/current/userguide/artifact_dependencies_tutorial.html

 

 

apply plugin: 'java'

 

repositories {

    mavenCentral()

}

dependencies {

    compile group: 'org.hibernate', name: 'hibernate-core', version:'3.6.7.Final'

    testCompile group: 'junit', name:'junit', version: '4.+'

}
 

An example build.gradle file without ssl (formatting is bad)

apply plugin: 'java' 

repositories {   
maven {       
url "http://repo1.maven.org/maven2"    }       jcenter {        url "http://jcenter.bintray.com/"    } } 

dependencies {   
compile group: 'org.hibernate', name: 'hibernate-core', version: '3.6.7.Final'   
testCompile group: 'junit', name: 'junit', version: '4.+'}

[Jeffrey Ollie]

Have you checked to see if the time/date is correct?

[Ray Scheufler]

Yes, the date command returns the correct date.

Sean, I changed to non https:// and kicked it off. I'll see later.

Does anyone know how to convince maven to also use http?

[Sean OBryan]

When running maven using commands.  I think I've used the following in the past:

-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true

http://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs

[Ray Scheufler]

I think I finally have gradle and maven happy.  Gradle involved modifying the build.gradle to use non https repos.  Maven required creating a settings.xml that had a central repo url with http.  java still doesn't believe in ssl on the odroid but I am at least compiling.

Ray Scheufler

[Jeffrey Ollie]

Seems like there's a known bug with the root certificates getting configured correctly for Java in Ubuntu... Perhaps that's the issue?

https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760

Jeff Ollie

[Ray Scheufler]

No, I stumbled upon that before and I have tried it to no avail.  That is what caused the change in failure I was alluding to in the first email.

Ray Scheufler

[Matt Stanton]

Ray,

Have you tried asking about this on the odoid forums (http://forum.odroid.com/) or IRC channel (#odroid on Freenode)?  I'm sure someone has probably had to deal with all manner of Java headaches there (maybe not the CA certs issue, but you never know).  I never ran into any Java issues on my odroids, but I also tried really hard not to deal with Java in the first place (Java ARM support at the time was really iffy, with them having just released jdk8 on ARM as an alpha or pre-release of some sort and a lot of the newest Java-using programs wanting jdk8 because it was considered stable on x86).

Looking through their forums, I don't see any posts regarding Java not being capable of making SSL/TLS connections, so it might be good to ask there so that if anyone else has this problem and you eventually get it solved they would have it on record.  If you hit up their IRC channel, talk to mdrjr (tell him "Matt" from the forums sent you).

-- Matt (N0BOX)