Maven secure HTTPS repository and JDK5

0
votes

Since January 2020, maven has switched their repo from HTTP to HTTPS. In order my project (running with Java 5 + maven 3.1.1) to download the repos i changed in my pom.xml the repos to look to: https://repo.maven.apache.org/maven2 This worked fine and now maven tries to access the dependencies from the secure repository. Trying to build/clean my project i faced following issues:

Issue 1 Trying to mvn clean my project without any further arguments i receive following error: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): peer not authenticated -> [Help 1]

I tried to bypass the error by adding following arguments: mvn -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true clean

New error: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): Remote host closed connection during handshake: SSL peer shut down incorrectly -> [Help 1]

Further attemp by adding alos the following argument: -Dhttps.protocols=TLSv1.2,TLSv1.1 Resolves to a new error:

Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): TLSv1.2 -> [Help 1]

Issue 2 I tried to with a different approach by using the certificate provided from https://repo.maven.apache.org/maven2/ I import the certificate into a trust store and tried to use this with the following maven command:

mvn -Djavax.net.ssl.trustStore=C:\PortableApps\trust.jks -Djavax.net.ssl.trustStorePassword=pass -Djavax.net.ssl.keyStore=C:\PortableApps\trust.jks -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=pass clean

The error is the same as previous again Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): peer not authenticated -> [Help 1]

I start to believe, that this is not goign to work with Java 5 due to the limitations of the JVM. As a last resolution, i find the usage of the insecure repo http://insecure.repo1.maven.org/maven2/ but i want to go do this as my very last option. Any further suggestions?

Note

  • On another project with Java 7, i was able to resolve all the issues by using the latest maven version 3.6.3
  • Since the project is compatible only with Java 5, i am limited in using maven version up to 3.1.1
1
javamavenmaven-3java-5
You can use toolchain to compile and test your project with JDK 5 whereas Maven runs with JDK 7 .... maven.apache.org/guides/mini/guide-using-toolchains.htmlkhmarbaise
is this suggested as a resolution as what i am trying to do will not work with jdk5 or is this just a workaround ? Thank you for your replyStephan
Try to use proxy: maven.apache.org/guides/mini/guide-proxies.html , proxy server should provide ordinary http for your maven client, but will connect itself to maven's https repository, since issue is in outdated client - should help.Alex Chernyshev
The other solution would be to use a repository manager like Nexus ...This is a setup I strongly recommend for running Maven etc. within a corporate environment which will handle the https part...also I would recommend to upgrade your Maven version also you can change the configuration of your project and build with JDK7+ and define the target to JDK 5 ..? and I strongly recommend to use the https connection.....khmarbaise
Alex Chernyshev, i cannot go with this option, as in this case i will need to force others who compile the application on different environments, to create a proxy just for this case as well.Stephan

1 Answers

0
votes

I ended up using the insecure maven repo http://insecure.repo1.maven.org/maven2/ in order to make it work with Java 5 (build/run).

Alternative, as some already suggested in the comments, you may use JDK 7 for your build process in order to download the dependencies from the secure maven repository and Java 5 for running your app.

As it seems, there is no way in accessing the secure maven repo while using Java 5 due to the lack of TLSv1.2 support which maven seems to use (https://central.sonatype.org/articles/2018/May/04/discontinued-support-for-tlsv11-and-below/?__hstc=31049440.13cc707ef0d169390d4d7ac8ba12c78e.1571910247825.1579506965027.1580304556973.4&__hssc=31049440.1.1580304556973&__hsfp=1122763312)