WeakSSL

  • Tags : testing, ssl, https
  • Latest : 1.0
  • Last Updated: 25 July 2011
  • Grails version : 1.3.6 > *
  • Authors : Shawn Hartsock
Dependency :
compile ":weak-ssl:1.0"

Summary

Makes Java/Groovy accept any SSL certificate.

Installation

$ grails install-plugin weak-ssl

Description

Makes Java/Groovy work with self-signed certificates or other malformed SSL certificates. It is useful in development or test environments where you have a generated SSL certificate. Note that one of the modules detects Grails test mode, reads the Grails-generated SSL certificate, and adds an SSL exception for it.

By default this plugin deactivates itself in production environments and only adds exceptions for SSL certificates served by localhost. You may choose to override this behavior.

Use case

If you are running an application in test that uses SSL and your code attempts to connect to your own host over SSL, you will get an error. That's because Grails is using a self-generated SSL certificate.

For example:

def text = new URL("https://localhost:8443/${myapp}").text
produces this error:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

To fix this problem in development and test environments, install this plugin:

$ grails install-plugin weak-ssl

Now run in HTTPS mode:

$ grails run-app -https

Trust certain hosts

Configure a list of trusted host names. Certificates from these hosts are trusted even if they are self-signed.

Config.groovy

weakssl.trustedhosts = ['myhost','myotherhost','localhost','someotherhost']

Trust all

Force trusted-mode SSL to work in all contexts. The trustAll setting breaks the SSL certificate provider, causing Java to trust all certificates presented to it, so the identity of the remote server is no longer verified. I strongly caution against using this mode in production.

Config.groovy

trustAll = true

If the trustAll mode is used in production, the Grails app prints a warning that the trusting provider is enabled in a production environment, then proceeds as if it were in a test or development environment.
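
Because a production deployment with trustAll only prints a warning and carries on, a pre-deployment check of the configuration is worth having. The script below is an added example, not part of the plugin or its documentation: it scans configuration text line by line for the settings shown on this page. It is not a Groovy parser and ignores environment blocks; the function name, severity labels, and the optional dotted prefix accepted before trustAll are assumptions.

```python
import re

# Line-based checks for the settings this page documents (not a Groovy parser).
# Assumption: trustAll may carry a dotted prefix; the page shows the bare key.
TRUST_ALL = re.compile(r"^\s*(?:[\w.]+\.)?trustAll\s*=\s*true\b")
TRUSTED_HOSTS = re.compile(r"^\s*weakssl\.trustedhosts\s*=\s*\[(.*?)\]")
PLUGIN_DEP = re.compile(r"""^\s*(\w+)\s+["']:weak-ssl:([^"']+)["']""")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit(text, filename="Config.groovy"):
    """Return (filename, line, severity, message) tuples for risky settings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("//", 1)[0]  # ignore trailing // comments
        if TRUST_ALL.search(line):
            findings.append((filename, lineno, "HIGH",
                             "trustAll = true: every certificate is accepted"))
        m = TRUSTED_HOSTS.search(line)
        if m:
            hosts = re.findall(r"""["']([^"']+)["']""", m.group(1))
            remote = [h for h in hosts if h.lower() not in LOOPBACK]
            if remote:
                findings.append((filename, lineno, "MEDIUM",
                                 "certificate checks relaxed for: " + ", ".join(remote)))
        m = PLUGIN_DEP.search(line)
        if m:
            findings.append((filename, lineno, "INFO",
                             "weak-ssl %s declared in '%s' scope" % (m.group(2), m.group(1))))
    return findings


# Constructed sample input, using only settings shown on this page.
SAMPLE = """\
compile ":weak-ssl:1.0"
weakssl.trustedhosts = ['myhost','myotherhost','localhost','someotherhost']
// trustAll = true
trustAll = true
weakssl.trustedhosts = ['localhost']
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s:%d [%s] %s" % finding)
```

Run it over Config.groovy and the dependency declarations before building a production artifact, and fail the build on any HIGH finding.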