Skip to content
A gradle plugin to disable SSL certificate validation
Groovy
Branch: master
Clone or download
Artem Egorkine
Artem Egorkine README added
Latest commit cf623be Jun 3, 2015
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src/main Initial commit Jun 2, 2015
.gitignore Initial commit Jun 2, 2015
README.md README added Jun 2, 2015
build.gradle Initial commit Jun 2, 2015

README.md

Gradle "Trust All" Plugin

This plugin was born out of necessity for a quick-and-dirty way to use a Maven repository over HTTPS with a self-signed certificate.

When working with such a repository in gradle you may get an error:

Error transferring file: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

Usual Java way to handle such scenario would be to download site certificate, import it into a keystore and use that keystore via the -Djavax.net.ssl.trustStore=... JVM options.

Sometimes you just need an easier way -- disable certificate validation altogether! There are many reasons not to do that, one of them being that this approach makes connections vulnerable to man-in-the-middle attacks.

Consider this code a proof-of-concept and accept full responsibility that by using it you're ultimately making an informed bad decision.

Origin

The code to disable certificate validation come from this StackOverflow answer, although there are many similar code snippets floating around the web.

Using "Trust All" Plugin

To use gradle-trust-all, build the jar file and include it in your project:

$ git clone https://github.com/arteme/gradle-trust-all.git
$ cd gradle-trust-all
$ gradle build
$ cp build/libs/gradle-trust-all.jar /path/to/your/project/gradle/folder/

Then in your project's build.gradle file add it as a buildscript dependency and activate the plugin:

buildscript {
    dependencies {
        classpath files('gradle/gradle-trust-all.jar')
    }
}

apply plugin: 'trust-all'

That is it. Now certificate validation in gradle is disabled.

You can’t perform that action at this time.