[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] update site tests pass AND linux + .keyring file question

Are we performing this work on Harmony as well?

If not, it seems we should be.

________________________________________
Jim Colson, Chief Architect - IBM Client Software
Distinguished Engineer
IBM Academy of Technology
Board Member - IT Architect Certification

11501 Burnet Rd. Austin, TX 78758
Ph 512-823-7357, Fax 512-838-0962
email: jccolson@xxxxxxxxxx

Admin:  Sandra Wallis 512-838-3241
email:  swallis@xxxxxxxxxx



                                                                                                                
  From:       Matthew Flaherty/Westford/IBM@Lotus                                                               
                                                                                                                
  To:         Equinox development mailing list <equinox-dev@xxxxxxxxxxx>                                        
                                                                                                                
  Date:       05/08/2008 03:35 PM                                                                               
                                                                                                                
  Subject:    Re: [equinox-dev] update site tests pass AND linux +	.keyring      file  question                  
                                                                                                                






Yes, hopefully OpenJDK will behave in the same way as the other popular
JREs - /lib/security/cacerts. In effect, the location of cacerts is a
defacto API. It would be nice if there was API to get/set the system code
signature verification certs as a KeyStore object (or at least the path and
type as properties), but I've not seen anything like that in any JRE.

Also worth noting is that the implementation of the system certificate
store used for SSL can be replaced using the TrustManagerFactorySpi, and
the behaviour  of the default JSSE provider can be modified by:

javax.net.ssl.trustStore=<path to certs keystore>
javax.net.ssl.trustStoreType=<type of keystore>
javax.net.ssl.trustStorePassword=<password>


-matt.

                                                                           
 From:   John Arthorne <John_Arthorne@xxxxxxxxxx>                          
                                                                           
 To:     Equinox development mailing list <equinox-dev@xxxxxxxxxxx>        
                                                                           
 Date:   05/08/2008 09:48 AM                                               
                                                                           
 Subject Re: [equinox-dev] update site tests pass AND linux + .keyring     
 :       file        question                                              
                                                                           







I think you may be referring to the certificate store problem when using
OpenJDK.  The capsule summary is that Equinox Security is looking in a
particular location for the JRE's "cacerts" file that lists the known
trusted certificate roots. OpenJDK was storing this cacerts file in a
different place, so Equinox Security did not find it, and thus all
certificates appeared to be untrusted.  I believe the OpenJDK is fixing
this on their side, so that Equinox Security will correctly find the
cacerts file. I can't recall if the solution involved just moving the file
to a different location, or setting some system property to allow the file
to be found. Does this sound like the issue you are referring to?

John


                                                                           
 Jed Anderson                                                              
 <jed.anderson@xxxxxxxxxxxx>                                               
 Sent by:                                                                  
 equinox-dev-bounces@xxxxxxxxxxx                                        To 
                                        equinox-dev@xxxxxxxxxxx            
                                                                        cc 
 05/07/2008 09:07 PM                                                       
                                                                   Subject 
                                        [equinox-dev] update site tests    
        Please respond to               pass AND linux + .keyring file     
   Equinox development mailing          question                           
  list <equinox-dev@xxxxxxxxxxx>                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           






Hi all,

As promised during the p2 dev call, we've run our update site tests and are
happy to
announce that everything passed!

During the p2 dev call there was talk of linux + .keyring failures and a
recent solution.
Can anybody jump in an fill in the details for us?

Thanks,
jkca
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev

_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev