[Bug 229329] java/openjdk8: allow user to trust extra local certificates
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jun 25 12:31:27 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229329
--- Comment #3 from Michael Osipov <1983-01-06 at gmx.net> ---
> The problem is really a general problem with how this is designed in Java. I am inclined to refuse this suggestion since it would now be compatible with other OS:es javas.
I do not fully agree because other OSes do derive cacerts from Mozilla's public
list. OpenJDK does not yet include a cacerts. BTW, RHEL provides an overly
complex option to solve bug 229329.
> -Djavax.net.ssl.trustStore=/home/girgen/mycacerts
Isn't really an option because I would miss all public CAs. It'd be
cat-and-mice-game to chase both which I don't want to do. Moreover, hooking
this into each and very possible application is a pain.
I'd like to hear Greg Lewis stance on this and since 229329 has not been
rejected yet, I'd be fair to keep this one open. I guess I am not the only
idiot having this problem.
At best 229329 would be resolved and the ports system would derive the cacarts
from the ca_root_nss: https://packages.ubuntu.com/bionic/ca-certificates-java
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-java
mailing list