jfrog
ignoreSSLIssues doesn't actually ignore ssl issues
We have horrible CA issues in my company because we have an internal CA certificate server. I looked at the ArtifactoryImpl and when you set the ignoreSSLIssues flag, you don't actually ignore ssl issues. You only set a flag that ignores self signed.
i would like a way to actually ignore all ssl issues. an example to inject my own httpclient would be good enough, something. When we end up with a server that wants to be difficult, it typically takes weeks of trouble tickets to get them straightened out. Since all my stuff is internal, we typically just disable ssl verification all together.
@scphantm, are you using the latest artifactory-client-java release? I'm asking because in the last release we made significant changes to the http client, basically replacing the HttpBuilder previously used with the native Apache HttpClient to resolve a few certificate related issues. Is there a specific code change that you suggest we make? Let's collaborate to improve and modify the code if needed.
to truly ignore ssl errors with httpclient you have to create your won ssl trust store factory and pass it into the constructor of the httpclient object. this code doesn't exist in master.
@scphantm, Would you like to contribute the code ? Let's collaborate to add this.
i am already contributing to too many projects, i am booked out for a few months at least.
https://stackoverflow.com/questions/48002672/how-to-ignore-ssl-certification-when-using-org-apache-commons-httpclient