From 8324287bd64727c8947f965719abc67400e3c350 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Wed, 15 Jun 2016 06:50:45 -0400 Subject: [PATCH] updated proxy configuration information --- .../src/site/markdown/configuration.md | 2 +- .../src/site/markdown/configuration.md | 3 ++- src/site/markdown/data/proxy.md | 22 +++++++++++++++++++ .../dependency-check-gradle/configuration.md | 2 +- 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/dependency-check-ant/src/site/markdown/configuration.md b/dependency-check-ant/src/site/markdown/configuration.md index e37ceeda1..e2bf57a24 100644 --- a/dependency-check-ant/src/site/markdown/configuration.md +++ b/dependency-check-ant/src/site/markdown/configuration.md @@ -38,7 +38,7 @@ projectName | The name of the project being scanned. reportFormat | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML reportOutputDirectory | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build | 'target' suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html) |   -proxyServer | The Proxy Server. |   +proxyServer | The Proxy Server; see the [proxy configuration](../data/proxy.html) page for more information. |   proxyPort | The Proxy Port. |   proxyUsername | Defines the proxy user name. |   proxyPassword | Defines the proxy password. |   diff --git a/dependency-check-maven/src/site/markdown/configuration.md b/dependency-check-maven/src/site/markdown/configuration.md index e310883d4..44b68a512 100644 --- a/dependency-check-maven/src/site/markdown/configuration.md +++ b/dependency-check-maven/src/site/markdown/configuration.md @@ -79,7 +79,8 @@ metaFileName | Sets the name of the file to use for storing the metadata Proxy Configuration ==================== -Use [Maven's settings](https://maven.apache.org/settings.html#Proxies) to configure a proxy server. If multiple proxies +Use [Maven's settings](https://maven.apache.org/settings.html#Proxies) to configure a proxy server. Please see the +dependency-check [proxy configuration](../data/proxy.html) page for additional problem solving techniques. If multiple proxies are configured in the Maven settings file you must tell dependency-check which proxy to use with the following property: Property | Description | Default Value diff --git a/src/site/markdown/data/proxy.md b/src/site/markdown/data/proxy.md index e6fdf6a63..b67fcacf8 100644 --- a/src/site/markdown/data/proxy.md +++ b/src/site/markdown/data/proxy.md @@ -9,3 +9,25 @@ to use a proxy to connect to the Internet. See the configuration settings for ea Note, it may also be possible to use the core [Java proxy](https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html) system properties instead of the configuration above. + +Certificate Errors +------------------ +In some cases if you setup a proxy the connection may still fail due to certificate +errors (see the log file from dependency-check). If you know which cert it's failing +on (either your proxy or NVD/CVE) you can either add the certificate itself or the +signing chain to your trust store. If you don't have access to modify the system +trust store (in $JAVA_HOME/lib/security/cacerts) you can copy it elsewhere and +import it using keytool, then specify that trust store on the command line +(`mvn -Djavax.net.ssl.trustStore=/path/to/cacerts`) or if you need to always +have that set, you can set the environment variable `JAVA_TOOL_OPTIONS` to have +`-Djavax.net.ssl.trustStore=/path/to/cacerts`. + +Still failing? +-------------- +In some cases the proxy is configured to block `HEAD` requests. While an attempt +is made by dependency-check to identify this situation it does not appear to be +100% successful. As such, the last thing to try is to add the property +`mvn -Ddownloader.quick.query.timestamp=false`. + +If trying the above and it still fails please open a ticket in the +[github repo](https://github.com/jeremylong/DependencyCheck/issues). \ No newline at end of file diff --git a/src/site/markdown/dependency-check-gradle/configuration.md b/src/site/markdown/dependency-check-gradle/configuration.md index 2b769df12..5234be304 100644 --- a/src/site/markdown/dependency-check-gradle/configuration.md +++ b/src/site/markdown/dependency-check-gradle/configuration.md @@ -34,7 +34,7 @@ dependencyCheck { Property | Description | Default Value ------------------|------------------------------------|------------------ -server | The proxy server. |   +server | The proxy server; see the [proxy configuration](../data/proxy.html) page for more information. |   port | The proxy port. |   username | Defines the proxy user name. |   password | Defines the proxy password. |