AmadeusITGroup / sonar-stash

Stash (BitBucket) plugin, a pull-request decorator which allows to integrate SonarQube violations directly into your pull-request
MIT License
165 stars 82 forks

Enable accepting any SSL certificate #158

Closed SMUnlimited closed 6 years ago

SMUnlimited commented 6 years ago

Hi,

We don't have access to our IT system certificates (don't ask), so we cannot just add them to the Java certificate store to support the https connection.

Effectively the fix we need is a single line in the StashClient (which works on its own): builder.setAcceptAnyCertificate(true);

This would be useful as an optional switch instead of always having to manually code this line in each time.

I traced the issues we have to the same problem as this old closed issue: https://github.com/AmadeusITGroup/sonar-stash/issues/9. I have updated that branch to the latest master code.

Also updated the description and configuration option so people know it is an insecure setting.

Thanks

t-8ch commented 6 years ago

Hi @SMUnlimited, I would prefer very much not to introduce such a setting. People will look for any solution for their problems and probably end up with this setting instead of configuring it properly.

If the certificate is self-signed it should be easy to extract it from the server response: openssl s_client -connect $SONARQUBE_URL:443.
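
An added example (not part of the thread or of the sonar-stash project) of the approach suggested in the comment above: extract the certificate the server presents, compare its fingerprint with a value obtained out of band, and import it into a dedicated truststore instead of accepting any certificate. The host name, file names, alias and password are placeholder assumptions.

```shell
#!/bin/sh
# Added example: trust one specific server certificate, not all of them.
# Host, file names, alias and store password are placeholders (assumptions).

# Keep only the first PEM certificate block from s_client output on stdin.
extract_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1}
         on {print}
         /-----END CERTIFICATE-----/ {if (on) exit}'
}

# Fetch the leaf certificate a server presents and print it as PEM.
# $1 = host, $2 = port. -servername sends SNI; </dev/null ends the session.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        extract_pem
}

# SHA-256 fingerprint of a PEM file. A certificate fetched over the network
# is unauthenticated, so compare this with a value obtained out of band
# (for example from the server's administrator) before trusting it.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Import the certificate into a dedicated truststore (the JVM's own cacerts
# stays untouched), but only if the fingerprint matches the expected one.
# $1 = PEM file, $2 = expected fingerprint, $3 = truststore path
import_if_matching() {
    if [ "$(fingerprint "$1")" != "$2" ]; then
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias stash-server \
        -file "$1" -keystore "$3" -storepass changeit
}

# Usage (placeholders):
#   fetch_cert stash.example.org 443 > stash.pem
#   import_if_matching stash.pem "<fingerprint from your admin>" stash-trust.jks
# Then start the analysis JVM with:
#   -Djavax.net.ssl.trustStore=stash-trust.jks
#   -Djavax.net.ssl.trustStorePassword=changeit
```
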

SMUnlimited commented 6 years ago

I guess it could always be a less visible setting by not being configurable from the UI, but up to you at the end of the day.

We will have to keep making the change for the moment.

t-8ch commented 6 years ago

Out of curiosity: How does the sonar scanner talk to SonarQube? As a workaround you can also implement something with stunnel.

I will think about this again...