Date:      Mon, 06 Feb 2023 19:29:09 +0000
From:      bugzilla-noreply@freebsd.org
To:        java@FreeBSD.org
Subject:   [Bug 229329] java/openjdk8: allow user to trust extra local certificates
Message-ID:  <bug-229329-8522-rwEI9HKhRg@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-229329-8522@https.bugs.freebsd.org/bugzilla/>
References:  <bug-229329-8522@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229329

Michael Osipov <michael.osipov@siemens.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |michael.osipov@siemens.com

--- Comment #10 from Michael Osipov <michael.osipov@siemens.com> ---
Created attachment 239958
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239958&action=edit
Git-formatted patch

Here is a patch against main which basically adds an option to use a custom
cacerts from LOCALBASE. This is the easiest approach to solve this problem now
until openssl can directly create Java-compatible PKCS#12 truststores:
https://github.com/openssl/openssl/issues/6684

Works in production and poudriere. Can provide a patch for 11 and 17+ as well,
of course.

Simple port used at work:
=========================
PORTNAME=       nss-siemens-cacerts-java
PORTVERSION=    20221107
CATEGORIES=     security
DISTFILES=

MAINTAINER=     michael.osipov@siemens.com
COMMENT=        Collection of CA certificates trusted by NSS and Siemens for Java

NO_ARCH=        yes
NO_BUILD=       yes
NO_TEST=        yes

WRKSRC=         ${FILESDIR}
SSLDIR=         ${PREFIX}/etc/ssl

PLIST_SUB=      SSLDIR=${SSLDIR}

do-install:
        @${MKDIR} ${STAGEDIR}${SSLDIR}
        @${INSTALL_DATA} ${WRKSRC}/cacerts.jks ${STAGEDIR}${SSLDIR}/cacerts

.include <bsd.port.mk>
==================

cacerts.jks is generated with a custom Java application.

-- 
You are receiving this mail because:
You are the assignee for the bug.


