cacerts and OSX
Scott Kovatch
scott.kovatch at oracle.com
Thu May 31 08:29:10 PDT 2012
On May 31, 2012, at 7:39 AM, Henri Gomez <henri.gomez at gmail.com> wrote:
>> CA certificate management is non-trivial matter. Right now it's
>> pretty much orthogonal to OpenJDK development, and it's something
>> for downstream distributors to handle.
>>
>> Personally, I'd like to keep it that way for OpenJDK 7 updates as
>> I don't see the need for doing it in this Project, given that OpenJDK
>> 7u distributors as well as organizations building their own JDKs
>> based on OpenJDK 7u typically have their own ways of managing CA
>> certificates in place specific to their needs.
>
> My question wasn't clear.
> cacerts inclusion for OSX was at packaging level, ie like those I
> didn't on openjdk-osx-build, so after stock OpenJDK build process.
Henri, I think this is something you would have to bring up with Apple. The cacerts file in Apple's JDK was generated from the certificates in the 'System Roots' keychain (or, it was the last time I was responsible for doing it), so you may not have the legal right to redistribute it. As usual, there are no lawyers here.
As Dalibor says, each JDK distributor or licensee is responsible for obtaining their own root certificates, and in Apple's case, they are already distributed via the OS, so the JDK was covered by those licenses.
-- Scott K.
----------------------------------------
Scott Kovatch
scott.kovatch at oracle.com
Santa Clara/Pleasanton, CA
More information about the jdk7u-dev
mailing list