[8u] Is it possible to bring root certificates to OpenJDK 8 [JEP319] ?
Martijn Verburg
martijnverburg at gmail.com
Fri Mar 22 19:37:37 UTC 2019
FWIW - we backported these in the AdoptOpenJDK 8 builds and could provide a
patch to upstream that change.
Cheers,
Martijn
On Fri, 22 Mar 2019 at 19:35, Sean Mullan <sean.mullan at oracle.com> wrote:
> Hi Christoph,
>
> On 3/21/19 6:20 AM, Langer, Christoph wrote:
> > Hi,
> >
> > I recently came across a scenario where I wanted to use a self-built
> OpenJDK 8 in a maven build and it could not download artefacts due to
> missing root certificates. I helped myself by replacing the cacerts with
> some other version from a later OpenJDK and came over the issue. However,
> I’ve asked myself whether it was possible/worthwhile to get the root
> certificates also into an OpenJDK 8 update?
> >
> > With JEP 319 [0], Oracle has open-sourced the root certificates into
> OpenJDK. The initial check-in was done for jdk10, via bug JDK-8189131 [1].
> After that, several commits have been made to update the set of root
> certificates and improve the tests.
> >
> > Now my questions are: Is it legally possible to bring these root
> certificates also into OpenJDK 8? Since it is a JEP, can the “feature” be
> added to OpenJDK 8 via an update release? And, last but not least, would
> there be interest in the community for that at all?
>
> I can answer the first two questions. I talked to one of our Product
> Managers who was involved with this JEP and he said that we have
> permission to release these certificates as open source at OpenJDK (much
> as Mozilla has roots in Firefox). Therefore there should be no concerns
> using with OpenJDK 8 or other versions for that matter. If you mean the
> jdk8u project specifically, you should check with the current
> maintainers for interest in this as I think they currently use other
> means for their builds.
>
> --Sean
>
> >
> > Just trying to start a discussion… 😊
> >
> > Best regards
> > Christoph
> >
> > [0] http://openjdk.java.net/jeps/319
> > [1] https://bugs.openjdk.java.net/browse/JDK-8189131
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190322/623f82ef/attachment.htm>
More information about the security-dev
mailing list