From f825a855c58575808d215a37357ba90d38ff18ac Mon Sep 17 00:00:00 2001 From: Andre Doeblitz Date: Tue, 7 Nov 2017 13:37:43 +0100 Subject: [PATCH] [WAGON-452] RelaxedTrustStrategy handle multiple certificates Ignoring ssl validity of dates is working, but in my case the server returns 3 (expired) certificates. With that RelaxedTrustStrategy always returned false. --- .../shared/http/RelaxedTrustStrategy.java | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java b/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java index ca9bc9a5e..26e49367a 100644 --- a/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java +++ b/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/RelaxedTrustStrategy.java @@ -45,24 +45,27 @@ public RelaxedTrustStrategy( boolean ignoreSSLValidityDates ) public boolean isTrusted( X509Certificate[] certificates, String authType ) throws CertificateException { - if ( ( certificates != null ) && ( certificates.length == 1 ) ) + if ( ( certificates != null ) && ( certificates.length > 0 ) ) { - try + for ( X509Certificate currentCertificate : certificates ) { - certificates[0].checkValidity(); - } - catch ( CertificateExpiredException e ) - { - if ( !ignoreSSLValidityDates ) + try { - throw e; + currentCertificate.checkValidity(); } - } - catch ( CertificateNotYetValidException e ) - { - if ( !ignoreSSLValidityDates ) + catch ( CertificateExpiredException e ) + { + if ( !ignoreSSLValidityDates ) + { + throw e; + } + } + catch ( CertificateNotYetValidException e ) { - throw e; + if ( !ignoreSSLValidityDates ) + { + throw e; + } } } return true;