[Bug 229329] java/openjdk8: allow user to trust extra local certificates

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229329

--- Comment #3 from Michael Osipov <1983-01-06 at gmx.net> ---
> The problem is really a general problem with how this is designed in Java. I am inclined to refuse this suggestion since it would now be compatible with other OS:es javas.

I do not fully agree because other OSes do derive cacerts from Mozilla's public
list. OpenJDK does not yet include a cacerts. BTW, RHEL provides an overly
complex option to solve bug 229329.

> -Djavax.net.ssl.trustStore=/home/girgen/mycacerts

Isn't really an option because I would miss all public CAs. It'd be
cat-and-mice-game to chase both which I don't want to do. Moreover, hooking
this into each and very possible application is a pain.

I'd like to hear Greg Lewis stance on this and since 229329 has not been
rejected yet, I'd be fair to keep this one open. I guess I am not the only
idiot having this problem.

At best 229329 would be resolved and the ports system would derive the cacarts
from the ca_root_nss: https://packages.ubuntu.com/bionic/ca-certificates-java

-- 
You are receiving this mail because:
You are the assignee for the bug.