From ctrueden at wisc.edu  Mon Dec 22 19:52:36 2014
From: ctrueden at wisc.edu (Curtis Rueden)
Date: Mon, 22 Dec 2014 13:52:36 -0600
Subject: cacerts for OpenJDK on Haiku
Message-ID: <CADN69yk0kFFHVRhTDN1gOmYEpcc1N0de-vmW33qtj50y-vsb_Q@mail.gmail.com>

Hi everyone,

I am testing out the most recent nightly of Haiku. Installed OpenJDK with
pkgman, and all went off without a hitch -- amazing progress!

Then I installed Maven and tried to build a Java application. Java
complains:

  Unexpected error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty

This is because recent versions of Maven use https by default for accessing
Maven Central [1], and it seems that the Haiku installation of OpenJDK does
not ship with the needed cacerts in $JAVA_HOME/jre/lib/security/cacerts.
Apologies if I missed the documentation about this somewhere, but... how do
I install them?

Regards,
Curtis

P.S. I worked around the issue by configuring Maven to use http instead,
but of course that's a security vulnerability long-term [2].

[1] http://www.infoq.com/news/2014/08/Maven-SSL-Default
[2]
http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/haiku-port-dev/attachments/20141222/a3923bae/attachment.html>

From hamishm53 at gmail.com  Tue Dec 30 02:15:22 2014
From: hamishm53 at gmail.com (Hamish Morrison)
Date: Tue, 30 Dec 2014 02:15:22 +0000
Subject: cacerts for OpenJDK on Haiku
In-Reply-To: <CADN69yk0kFFHVRhTDN1gOmYEpcc1N0de-vmW33qtj50y-vsb_Q@mail.gmail.com>
References: <CADN69yk0kFFHVRhTDN1gOmYEpcc1N0de-vmW33qtj50y-vsb_Q@mail.gmail.com>
Message-ID: <54A20ABA.4070202@gmail.com>

Hi Curtis,

On 22/12/2014 19:52, Curtis Rueden wrote:
> This is because recent versions of Maven use https by default for
> accessing Maven Central [1], and it seems that the Haiku installation of
> OpenJDK does not ship with the needed cacerts in
> $JAVA_HOME/jre/lib/security/cacerts. Apologies if I missed the
> documentation about this somewhere, but... how do I install them?

This is my fault. In theory the haikuporter recipe that builds the
OpenJDK package should generate a cacerts file from the the root
certificates that ship with Haiku. I just haven't got around to
implementing that yet. :)

In the meantime a quick fix is just to copy cacerts over from some
existing JDK on Linux or Windows. You'll have to update the file in the
package for this to work though.

I'll get this fixed in the next package I upload.

Cheers,
Hamish