Cacerts generation patch for IcedTea6 HEAD
Dr Andrew John Hughes
ahughes at redhat.com
Tue Dec 21 05:03:25 PST 2010
On 12:09 Tue 21 Dec , Pavel Tisnovsky wrote:
> Hi all,
>
> I've created patch for cacerts generation prepared for IcedTea6 HEAD.
> This patch is heavily based on DJ Lucas's patch (thank you very much!)
> but I had to apply three changes:
>
> 1) I had to change the lines where the patch is applied to Makefile.am
> due to several changes in this file (it's understandable as the original
> patch is quite old and it's been prepared for older IcedTea version)
>
> 1) DEBUG_BUILD_OUTPUT_DIR macro is used instead of BUILD_OUTPUT_DIR when
> cacerts are about to be generated for debug build of IcedTea6 (already
> approved by DJ Lucas)
>
> 2) I also changed the decision logic which determinates whether the
> certificates have to be generated from one .crt file or from an existing
> list of .pem files. This ensures correct work in case when only file
> containing certificates is installed (this is RHEL 5 and RHEL 6 case:
> /etc/ssl/certs/ca-bundle.crt)
>
>
>
> I also tried to run JTReg against unpatched and patched IcedTea6. Here
> is diff:
>
> --- jtreg-summary.log 2010-12-21 11:28:45.063780000 +0100
> +++ /home/brq/ptisnovs/1/cacerts_patch/jtreg2/jtreg-summary.log
> 2010-12-21 11:28:45.574802000 +0100
> @@ -10,15 +10,16 @@
> Error:
> java/lang/management/MemoryMXBean/CollectionUsageThresholdConcMarkSweepGC.sh
> Error: java/net/InetAddress/CheckJNI.java
> Error: java/net/ipv6tests/UdpTest.java
> -FAILED: java/net/URL/TestHttps.java
> Error: java/nio/channels/SocketChannel/Connect.java
> FAILED: java/nio/charset/Charset/NIOCharsetAvailabilityTest.java
> FAILED: javax/swing/JLabel/6501991/bug6501991.java
> +FAILED: lib/security/cacerts/VerifyCACerts.java
> FAILED: sun/java2d/cmm/ColorConvertOp/ColConvCCMTest.java
> FAILED: sun/java2d/cmm/ColorConvertOp/ColConvDCMTest.java
> FAILED: sun/java2d/cmm/ColorConvertOp/MTColConvTest.java
> FAILED: sun/nio/cs/Test4200310.sh
> FAILED: sun/nio/cs/TestSJIS0213.java
> +FAILED: sun/security/rsa/TestCACerts.java
> Error: sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java
> FAILED: sun/security/validator/CertReplace.java
> -Test results: passed: 3,323; failed: 13; error: 5
> +Test results: passed: 3,322; failed: 14; error: 5
>
> It's great to see that TestHttps test passed on patched IcedTea, but I'm
> not sure why VerifyCACerts and TestCACerts tests failed. It seems that
> some certificates are not properly loaded to JVM but I'm not cert. guru
> - Lucas don't you know how to solve this? (Could this have anything to
> do with NSS?)
>
>
>
> Contents of tarball:
>
> jtreg_wo_patch - JTreg results for not patched IcedTea6
> jtreg_with_patch - JTreg results for patched IcedTea6 (+ log file
> generated by TestCACerts regression test)
> jtreg_diffs - diff files generated for above directories
> Makefile.am - new contents of Makefile.am with path applied
> hg_diff - hg diff generated against recent IcedTea6
>
Please attach a patch as usual and include a ChangeLog.
>
>
> >From my point of view: when the two JTreg failures will be resolved, it
> is IMHO ok to add this patch to IcedTea6. I welcome all comments of course.
>
I'll like to delay this until after 1.10 branches in January. Please commit
it only after that happens.
> Cheers
> Pavel
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the distro-pkg-dev
mailing list