This plugin was born out of necessity for a quick-and-dirty way to use a Maven repository over HTTPS with a self-signed certificate.
When working with such a repository in gradle you may get an error:
Error transferring file: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Usual Java way to handle such scenario would be to download site certificate,
import it into a keystore and use that keystore via the -Djavax.net.ssl.trustStore=...
JVM options.
Sometimes you just need an easier way -- disable certificate validation altogether! There are many reasons not to do that, one of them being that this approach makes connections vulnerable to man-in-the-middle attacks.
Consider this code a proof-of-concept and accept full responsibility that by using it you're ultimately making an informed bad decision.
The code to disable certificate validation come from this StackOverflow answer, although there are many similar code snippets floating around the web.
To use gradle-trust-all
, build the jar file and include it in your project:
$ git clone https://github.com/arteme/gradle-trust-all.git
$ cd gradle-trust-all
$ gradle build
$ cp build/libs/gradle-trust-all.jar /path/to/your/project/gradle/folder/
Then in your project's build.gradle
file add it as a buildscript dependency
and activate the plugin:
buildscript {
dependencies {
classpath files('gradle/gradle-trust-all.jar')
}
}
apply plugin: 'trust-all'
That is it. Now certificate validation in gradle is disabled.