[8u] Is it possible to bring root certificates to OpenJDK 8 [JEP319] ?

Langer, Christoph christoph.langer at sap.com
Thu Mar 21 10:20:34 UTC 2019


Hi,

I recently came across a scenario where I wanted to use a self-built OpenJDK 8 in a maven build and it could not download artefacts due to missing root certificates. I helped myself by replacing the cacerts with some other version from a later OpenJDK and came over the issue. However, I’ve asked myself whether it was possible/worthwhile to get the root certificates also into an OpenJDK 8 update?

With JEP 319 [0], Oracle has open-sourced the root certificates into OpenJDK. The initial check-in was done for jdk10, via bug JDK-8189131 [1]. After that, several commits have been made to update the set of root certificates and improve the tests.

Now my questions are: Is it legally possible to bring these root certificates also into OpenJDK 8? Since it is a JEP, can the “feature” be added to OpenJDK 8 via an update release? And, last but not least, would there be interest in the community for that at all?

Just trying to start a discussion… 😊

Best regards
Christoph

[0] http://openjdk.java.net/jeps/319
[1] https://bugs.openjdk.java.net/browse/JDK-8189131

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190321/753018b6/attachment.htm>


More information about the security-dev mailing list