Reputation: 1213
How to configure Gradle to bypass SSL certificate validation?
I have a remote repository with an https URL and a self-signed certificate. In Maven I could set MAVEN_OPTS properties to bypass certificate validation. How can I achive this with gradle?
I tried modifying the file gradle.properties but I can’t find the exact properties:
systemProp.http.ssl.insecure=true
systemProp.http.ssl.allowall=true
systemProp.http.ssl.ignore.validity.dates=true
Upvotes: 36
Views: 51180
Answers (1)
Reputation: 479
Gradle "Trust All" Plugin This plugin was born out of necessity for a quick-and-dirty way to use a Maven repository over HTTPS with a self-signed certificate.
When working with such a repository in gradle you may get an error:
Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Usual Java way to handle such scenario would be to download site certificate, import it into a keystore, and use that keystore via the -Djavax.net.ssl.trustStore=... JVM options.
Sometimes, you just need an easier way — disable certificate validation altogether! There are many reasons not to do that, one of them being that this approach makes connections vulnerable to man-in-the-middle attacks.
Consider this code a proof-of-concept and accept full responsibility that by using it you're ultimately making an informed bad decision.
Origin The code to disable certificate validation comes from this StackOverflow answer, although there are many similar code snippets floating around the web.
Using "Trust All" Plugin To use gradle-trust-all, build the jar file and include it in your project:
$ git clone https://github.com/arteme/gradle-trust-all.git
$ cd gradle-trust-all
$ gradle build
$ cp build/libs/gradle-trust-all.jar /path/to/your/project/gradle/folder/
Then in your project's build.gradle file add it as a buildscript dependency and activate the plugin:
buildscript {
dependencies {
classpath files('gradle/gradle-trust-all.jar')
}
}
apply plugin: 'trust-all'
That is it. Now certificate validation in gradle is disabled.
https://github.com/arteme/gradle-trust-all
Upvotes: 9
Related Questions
- Java does not trusting any SSL Certificate on Windows
- Gradle build fails due to sun.security.validator.ValidatorException despite installing certificates
- Unable to skip ssl verification with gradle command but able to do so in maven
- How to bypass SSL verification for Gradle 4.5?
- How to disable certificate verification in Java *with Flutter*?
- Is there any way to force gradle to only use https connections?
- Analyse ssl error with gradle (-Djavax.net.debug=ssl seems not to be respected)
- Gradle: No trusted certificate found
- Gradle use certificate authentication for repository
- Configuring gradle jetty plugin to use ssl