cacerts support
Thomas Fitzsimmons
fitzsim at redhat.com
Thu May 29 12:42:36 PDT 2008
Hi,
I deleted patches/icedtea-certbundle.patch. There were problems with the
approach of reading system-installed certs directly, the main one being that
some apps explicitly require the existence of a valid cacerts file. See for
example:
http://wiki.eclipse.org/Security:_KeyStore_support_for_Eclipse
In Fedora we've created a new noarch package to host certificates, called
ca-certificates.
https://bugzilla.redhat.com/show_bug.cgi?id=448497
It runs keytool to generate /etc/pki/java/cacerts from Mozilla's certificates.
The OpenJDK package depends on ca-certificates and symlinks
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/security/cacerts to
/etc/pki/java/cacerts.
Other distributions may need to follow suit.
Tom
More information about the distro-pkg-dev
mailing list