NEXUS-5481 (2.4), we started including the reason a remote was blocked in the UI in certain cases.
When Nexus uses an HTTP proxy server and encounters a trust issue with the certificate of the remote repo, it displays a message similar to the attached screenshot, giving the cause of the blocked repo as "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
This only happens if the failure occurs on the HTTPS CONNECT operation - which only happens when tunneling through an HTTP proxy server.
Problem: When some other firewall is used, and Nexus does not have an explicit HTTP proxy server configured, there is no CONNECT operation. Nexus will try a HEAD request first instead. This fails with the above error, but the failure can only be seen when the Nexus ROOT logger is at DEBUG. A GET request is then made. The exception on the GET request is swallowed and not logged at all: no INFO or DEBUG level logging prints the problem on a GET request.
I can confirm though, that if the remote cert is specifically trusted using the SSL certificates feature of Nexus, the repository is no longer auto-blocked.
- it should be easy to discover the cause of remote autoblocking
- do not swallow the remote trust exception in the case where an HTTP proxy server is NOT being used and cert trust errors occur on the follow-up GET request
- report the cause of the blocking in a manner similar to when an HTTP proxy server is being used
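
A sketch of the requested behaviour, added here as an illustration and not taken from the Nexus code base: the failure from the follow-up GET is inspected for a certificate-trust cause, logged at WARN instead of being swallowed, and returned as the auto-block reason. The class and method names, the logger name and the URL are hypothetical, and the exception chain in `main` is constructed from the public JDK superclasses of the exceptions quoted above.

```java
import java.io.IOException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLHandshakeException;

/** Hypothetical helper (not a Nexus class): turns a failed remote check into an auto-block reason. */
public class AutoBlockReason {
    private static final Logger LOG = Logger.getLogger("remote.status"); // assumed logger name

    /** Returns the outermost certificate-trust failure in the cause chain, or null if there is none. */
    static Throwable findTrustFailure(Throwable failure) {
        for (Throwable c = failure; c != null; c = c.getCause()) {
            // ValidatorException is a CertificateException;
            // SunCertPathBuilderException is a CertPathBuilderException.
            if (c instanceof CertificateException || c instanceof CertPathBuilderException) {
                return c;
            }
        }
        return null;
    }

    /** Logs the failure with its stack trace and returns the text to show as the block cause. */
    static String describe(String method, String url, IOException failure) {
        Throwable trust = findTrustFailure(failure);
        String reason = (trust != null)
                ? "remote certificate not trusted: " + trust
                : failure.toString();
        // Same handling for HEAD, GET and CONNECT, so the cause is visible without DEBUG logging.
        LOG.log(Level.WARNING, method + " " + url + " failed, auto-blocking: " + reason, failure);
        return reason;
    }

    public static void main(String[] args) {
        // Constructed failure mirroring the shape of the error quoted in this issue.
        SSLHandshakeException e = new SSLHandshakeException("handshake failed");
        e.initCause(new CertificateException("PKIX path building failed",
                new CertPathBuilderException(
                        "unable to find valid certification path to requested target")));
        System.out.println(describe("GET", "https://repo.example.invalid/", e));
    }
}
```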