[security-dev 01136]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

Andrew John Hughes gnu_andrew at member.fsf.org
Fri Aug 28 01:56:05 UTC 2009


2009/8/28 Max (Weijun) Wang <Weijun.Wang at sun.com>:
>
> On Aug 27, 2009, at 9:52 PM, Andrew John Hughes wrote:
>
>> The problem is more the fact that it's an additional copy rather than
>> using the system installation, which means it has to be patched for
>> bugs and security fixes separately.  For IcedTea, I'll look at
>> providing and using the option of using the system NSS and will also
>> submit this for review here if there is interest in providing such an
>> option.
>
> Since Java security is already provider based, I guess you can simply write
> one provider named NSS and remove all other security.provider.<n> lines in
> jre/lib/security/java.security.
>
> Max
>
>

Sounds like the JDK6 solution :)

I think the simpler fix is to just provide an option for the calls to
the native code to use the system library rather than the included
copy (some of the new files appear to be verbatim copies of files from
NSS AFAICS).  But I need to look at this in more detail.

Thanks,
-- 
Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8


