[security-dev 01706]: Re: Please review new regression test for java.net.* API
Andrew John Hughes
ahughes at redhat.com
Thu Mar 18 15:16:16 UTC 2010
On 18 March 2010 15:13, Sean Mullan <Sean.Mullan at sun.com> wrote:
> Andrew John Hughes wrote:
>
>> This has been posted about before; OpenJDK currently can't bootstrap
>> itself because it doesn't have a working cacerts store (the JAXP URL
>> uses https).
>>
>> I don't know how to solve this; we can certainly have the cacerts file
>> populated on GNU/Linux systems, but I don't have a clue how you'd do
>> it on Solaris or Windows. How do Sun populate it? Can that be shared?
>
> No. The agreements we have with CAs to include root CA certificates are for
> our product releases only, we can't (at least not right now) include them in
> OpenJDK.
>
So they don't just use system-installed ones? Ok.
> I haven't been following this thread in great detail, but don't existing
> JSSE tests cover this?
>
No, if they did we wouldn't need another test.
> --Sean
>
>
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the security-dev
mailing list