[cp-patches] RFC: add a cacerts file under resource/java/security

Raif S. Naffah raif at swiftdsl.com.au
Mon May 29 11:40:04 UTC 2006


On Monday 29 May 2006 21:21, Mark Wielaard wrote:
> Hi Raif,
>
> On Mon, 2006-05-29 at 21:00 +1000, Raif S. Naffah wrote:
> > On Monday 29 May 2006 20:02, Mark Wielaard wrote:
> > > On Mon, 2006-05-22 at 21:42 +1000, Raif S. Naffah wrote:
> > > > my question is: does anybody see any problem, legal or
> > > > otherwise, in including our version of this cacerts file which
> > > > i named "cacerts.gkr" into the GNU Classpath distribution?
> > >
> > > I wonder how well that will work with the various distributions.
> >
> > if by distributions you mean the different VMs that use Classpath
> > then this file is not much different than for example
> > classpath.security, which is our version of java.security.
>
> No, I was thinking of the GNU/Linux distros. They seem to have their
> own collection of "trusted" ca-certs already. So I was wondering
> whether we could somehow reuse those easily (for example during
> installation time). That way a user has only one set of ca-certs to
> worry about. Since at least for Debian it seems every package using
> ssl uses the same set. http://packages.debian.org/ca-certificates
> And then we wouldn't have to worry which certificates to include and
> where they would come from.

the "openssl x509" command seems to be capable of reading PEM 
certificates and writing them in X.509 format --which we can then 
import with keytool.  i'll have a closer look.


cheers;
rsn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://developer.classpath.org/pipermail/classpath-patches/attachments/20060529/d975ebe8/attachment.pgp


More information about the Classpath-patches mailing list