[security-dev 01704]: Re: Please review new regression test for java.net.* API

[Sean Mullan]

Andrew John Hughes wrote:

> This has been posted about before; OpenJDK currently can't bootstrap
> itself because it doesn't have a working cacerts store (the JAXP URL
> uses https).
> 
> I don't know how to solve this; we can certainly have the cacerts file
> populated on GNU/Linux systems, but I don't have a clue how you'd do
> it on Solaris or Windows.  How do Sun populate it? Can that be shared?

No. The agreements we have with CAs to include root CA certificates are for our 
product releases only, we can't (at least not right now) include them in OpenJDK.

I haven't been following this thread in great detail, but don't existing JSSE 
tests cover this?

--Sean