如何配置 Gradle 以绕过 SSL 证书验证?
[英]How to configure Gradle to bypass SSL certificate validation?
问题描述
I have a remote repository with an https URL and a self-signed certificate.
我有一个带有https URL 和自签名证书的远程存储库。 In Maven I could set MAVEN_OPTS properties to bypass certificate validation.在 Maven 中,我可以设置MAVEN_OPTS属性以绕过证书验证。 How can I achive this with gradle?我怎样才能用 gradle 做到这一点?
I tried modifying the file gradle.properties but I can't find the exact properties:我尝试修改文件gradle.properties但找不到确切的属性:
systemProp.http.ssl.insecure=true
systemProp.http.ssl.allowall=true
systemProp.http.ssl.ignore.validity.dates=true
1 个解决方案
解决方案1
6 2020-02-11 14:52:52
Gradle "Trust All" Plugin This plugin was born out of necessity for a quick-and-dirty way to use a Maven repository over HTTPS with a self-signed certificate. Gradle "Trust All" 插件 这个插件的诞生是为了以一种快速而简单的方式通过 HTTPS 使用带有自签名证书的 Maven 存储库。
When working with such a repository in gradle you may get an error:在 gradle 中使用这样的存储库时,您可能会遇到错误:
Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Usual Java way to handle such scenario would be to download site certificate, import it into a keystore, and use that keystore via the -Djavax.net.ssl.trustStore=... JVM options.处理这种情况的常用 Java 方法是下载站点证书,将其导入密钥库,然后通过 -Djavax.net.ssl.trustStore=... JVM 选项使用该密钥库。
Sometimes, you just need an easier way — disable certificate validation altogether!有时,您只需要一种更简单的方法——完全禁用证书验证! There are many reasons not to do that, one of them being that this approach makes connections vulnerable to man-in-the-middle attacks.不这样做的原因有很多,其中之一是这种方法使连接容易受到中间人攻击。
Consider this code a proof-of-concept and accept full responsibility that by using it you're ultimately making an informed bad decision.将此代码视为概念验证并承担全部责任,即通过使用它,您最终会做出明智的错误决定。
Origin The code to disable certificate validation comes from this StackOverflow answer, although there are many similar code snippets floating around the web.来源禁用证书验证的代码来自这个 StackOverflow 答案,尽管网络上有许多类似的代码片段。
Using "Trust All" Plugin To use gradle-trust-all, build the jar file and include it in your project:使用“Trust All”插件要使用 gradle-trust-all,构建 jar 文件并将其包含在您的项目中:
$ git clone https://github.com/arteme/gradle-trust-all.git
$ cd gradle-trust-all
$ gradle build
$ cp build/libs/gradle-trust-all.jar /path/to/your/project/gradle/folder/
Then in your project's build.gradle file add it as a buildscript dependency and activate the plugin:然后在项目的 build.gradle 文件中将其添加为 buildscript 依赖项并激活插件:
buildscript {
dependencies {
classpath files('gradle/gradle-trust-all.jar')
}
}
apply plugin: 'trust-all'
That is it.这就对了。 Now certificate validation in gradle is disabled.现在 gradle 中的证书验证被禁用。
https://github.com/arteme/gradle-trust-all https://github.com/arteme/gradle-trust-all
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.