Date: Mon, 06 Feb 2023 19:29:09 +0000 From: bugzilla-noreply@freebsd.org To: java@FreeBSD.org Subject: [Bug 229329] java/openjdk8: allow user to trust extra local certificates Message-ID: <bug-229329-8522-rwEI9HKhRg@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-229329-8522@https.bugs.freebsd.org/bugzilla/> References: <bug-229329-8522@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229329 Michael Osipov <michael.osipov@siemens.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michael.osipov@siemens.com --- Comment #10 from Michael Osipov <michael.osipov@siemens.com> --- Created attachment 239958 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239958&action=edit Git-formatted patch Here is a patch against main which basically adds an option to use a custom cacerts from LOCALBASE. This is the easiest approach to solve this problem now until openssl can directly creata Java-compatible PKCS#12 truststores: https://github.com/openssl/openssl/issues/6684 Works in production and poudriere. Can provide a patch for 11 and 17+ as well, of course. Simple port used at work: ========================= PORTNAME= nss-siemens-cacerts-java PORTVERSION= 20221107 CATEGORIES= security DISTFILES= MAINTAINER= michael.osipov@siemens.com COMMENT= Collection of CA certificates trusted by NSS and Siemens for Java NO_ARCH= yes NO_BUILD= yes NO_TEST= yes WRKSRC= ${FILESDIR} SSLDIR= ${PREFIX}/etc/ssl PLIST_SUB= SSLDIR=${SSLDIR} do-install: @${MKDIR} ${STAGEDIR}${SSLDIR} @${INSTALL_DATA} ${WRKSRC}/cacerts.jks ${STAGEDIR}${SSLDIR}/cacerts .include <bsd.port.mk> ================== cacerts.jks is generated with a custom Java application. -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229329-8522-rwEI9HKhRg>