[cp-patches] Re: RFC: add a cacerts file under resource/java/security

Raif S. Naffah raif at swiftdsl.com.au
Fri Jun 9 10:49:50 UTC 2006


hello Tom,

On Friday 09 June 2006 09:16, Tom Tromey wrote:
> >>>>> "Mark" == Mark Wielaard <mark at klomp.org> writes:
>
> Mark> I CCed the devjam list on which a couple of different
> distribution Mark> packagers are subscribed. Devjam people, Raif
> added support for Mark> importing trusted ca-certs to GNU Classpath
> so our tls/ssl Mark> implementation for example can just reuse the
> ca-certs that are already Mark> packaged for an distribution (for
> example those used by Mozilla).
>
> I know zilch about this area, so forgive me if my questions are
> naive.
>
> Why read these files and transform them into something we can
> distribute?

to offer similar capabilities as the RI's version of the keytool.


> Why not read them dynamically, as needed?  That way if a 
> new cert is installed, a newly run VM will pick it up automatically.

there are cases where this is not possible or desired:

* there is no such location on the machine with a Classpath + VM.
* these certificates are in more than one directory, with no direct 
parent.
* the directory/directories containing these certificates exist but may 
not be available or accessible to the keytool user.
* the same version of Classpath + VM, installed on different machines 
may end up with different cacerts file.


cheers;
rsn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://developer.classpath.org/pipermail/classpath-patches/attachments/20060609/106caf2d/attachment.pgp


More information about the Classpath-patches mailing list