Date: Mon, 25 Jun 2018 12:31:25 +0000 From: bugzilla-noreply@freebsd.org To: java@FreeBSD.org Subject: [Bug 229329] java/openjdk8: allow user to trust extra local certificates Message-ID: <bug-229329-8522-pOoqYjZWkv@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-229329-8522@https.bugs.freebsd.org/bugzilla/> References: <bug-229329-8522@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229329 --- Comment #3 from Michael Osipov <1983-01-06@gmx.net> --- > The problem is really a general problem with how this is designed in Java= . I am inclined to refuse this suggestion since it would now be compatible = with other OS:es javas. I do not fully agree because other OSes do derive cacerts from Mozilla's pu= blic list. OpenJDK does not yet include a cacerts. BTW, RHEL provides an overly complex option to solve bug 229329. > -Djavax.net.ssl.trustStore=3D/home/girgen/mycacerts Isn't really an option because I would miss all public CAs. It'd be cat-and-mice-game to chase both which I don't want to do. Moreover, hooking this into each and very possible application is a pain. I'd like to hear Greg Lewis stance on this and since 229329 has not been rejected yet, I'd be fair to keep this one open. I guess I am not the only idiot having this problem. At best 229329 would be resolved and the ports system would derive the caca= rts from the ca_root_nss: https://packages.ubuntu.com/bionic/ca-certificates-ja= va --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229329-8522-pOoqYjZWkv>