I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
The effect is that when ant tries to download files over SSL, it fails complaining about:
"java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.