[Bug 229329] java/openjdk8: allow user to trust extra local certificates
Date: Mon, 06 Feb 2023 19:29:09 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229329

Michael Osipov <michael.osipov@siemens.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |michael.osipov@siemens.com

--- Comment #10 from Michael Osipov <michael.osipov@siemens.com> ---
Created attachment 239958
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239958&action=edit
Git-formatted patch

Here is a patch against main which basically adds an option to use a custom
cacerts from LOCALBASE. This is the easiest approach to solve this problem now
until openssl can directly create Java-compatible PKCS#12 truststores:
https://github.com/openssl/openssl/issues/6684

Works in production and poudriere. Can provide a patch for 11 and 17+ as well,
of course.

Simple port used at work:
=========================
PORTNAME=	nss-siemens-cacerts-java
PORTVERSION=	20221107
CATEGORIES=	security
# Nothing is fetched: the truststore ships in the port's files/ directory
DISTFILES=

MAINTAINER=	michael.osipov@siemens.com
COMMENT=	Collection of CA certificates trusted by NSS and Siemens for Java

NO_ARCH=	yes
NO_BUILD=	yes
NO_TEST=	yes
WRKSRC=		${FILESDIR}

SSLDIR=		${PREFIX}/etc/ssl
PLIST_SUB=	SSLDIR=${SSLDIR}

# Install the prebuilt JKS truststore as ${SSLDIR}/cacerts
do-install:
	@${MKDIR} ${STAGEDIR}${SSLDIR}
	@${INSTALL_DATA} ${WRKSRC}/cacerts.jks ${STAGEDIR}${SSLDIR}/cacerts

.include <bsd.port.mk>
==================

cacerts.jks is generated with a custom Java application.

-- 
You are receiving this mail because:
You are the assignee for the bug.