cacerts and OSX
Henri Gomez
henri.gomez at gmail.com
Thu May 31 06:32:40 PDT 2012
So we should
2012/5/31 Dalibor Topic <dalibor.topic at oracle.com>:
> On 5/31/12 2:49 PM, Henri Gomez wrote:
>> Hi to all,
>>
>> It seems cacerts (JAVA_BASE/Contents/Home/jre/lib/security/cacerts)
>> are no more correct for stock OpenJDK 7 built on OSX.
>
> CA certs aren't part of OpenJDK sources.
> See http://hg.openjdk.java.net/jdk7/build/raw-file/tip/README-builds.html#cacerts
> for details, in particular:
>
> "The source contain a cacerts file without CA root certificates. Formal JDK builders
> will need to secure permission from each public CA and include the certificates into
> their own custom cacerts file."
That's why I'm wondering if we could embed (for OSX packages) cacerts
available in Apple JDK or rebuild full bunch of cacerts from Mozilla
for example (ie:
http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt)
More information about the jdk7u-dev
mailing list