Fwd: Re: [rfc][icedtea-web] reproducer for PR905
Deepak Bhole
dbhole at redhat.com
Wed Apr 4 09:20:31 PDT 2012
* Danesh Dadachanji <ddadacha at redhat.com> [2012-04-04 12:16]:
>
>
> On 04/04/12 12:05 PM, Jiri Vanek wrote:
> >On 04/04/2012 05:58 PM, Deepak Bhole wrote:
> >>* Jiri Vanek<jvanek at redhat.com> [2012-04-04 11:55]:
> >>>...snip...
> >>>>>>>
> >>>>
> >>>>
> >>>>How about creating a cert, importing it and then signing everything with that
> >>>>cert?
> >>>>
> >>>
> >>>Applet is then not asking user anymore???
> >>>
> >>>If this is true than this is granzgenial:)
> >>>
> >>>It will need some logic to import the certs to browser, but it will
> >>>be needed anyway (see http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-March/017799.html
> >>>for more about browser detection)
> >>>
> >>
> >>If you choose to always trust it, yes it shouldn't ask any more.
> >
> >hmmm... Can be much harder then to control this fully-automatically.
> >(means create certificate during make is easy, sign all stuff with this certificate is easy, import certificate to browsers should be
> >also easy (just cp I believe), force the browser to force this new certificate without prompt can be however impossible :( )
> >If it is possible to accept it just oncetimes for all future-generated certificates - it will do the job as well.
> >
>
> Can't you just add it to the keystore? That's what "Always Trust" does anyway IIRC.
>
Yep, that will have the same effect.
Deepak
More information about the distro-pkg-dev
mailing list