xapix-io / paos

Clojure SOAP client
Eclipse Public License 1.0
93 stars 12 forks source link

Tried to use insecure HTTP repository without TLS. #10

Closed boxxxie closed 6 years ago

boxxxie commented 6 years ago

i'm getting this when using lein deps on a new project with the only deps being clojure and paos.

this is from lein help faq

**Q:** I got `Tried to use insecure HTTP repository without TLS`, what is that about?  
**A:** This means your project was configured to download dependencies
from a repository that does not use TLS encryption. This is very
insecure and exposes you to trivially-executed man-in-the-middle attacks.
DeLaGuardo commented 6 years ago

Thanks, I'm aware of that problem. Unfortunately, paos uses some java dependencies that published to insecure repositories. We are working under replacement for those libraries but in the meantime, I would suggest using a hack described in leiningen FAQ:

;; add this to your project.clj
(require 'cemerick.pomegranate.aether)
(cemerick.pomegranate.aether/register-wagon-factory!
 "http" #(org.apache.maven.wagon.providers.http.HttpWagon.))

This is not a good solution and we will fix this ASAP. Keep an eye on this issue - #12

DeLaGuardo commented 6 years ago

@boxxxie That should be fixed in 0.2.2.