AW: AW: AW: AW: [geclipse-dev] CA certificate loading

Hi Again,

Just committed the changes to HEAD, should be in the nightly build then (if it does not mess up everything ;-)

One more note: when (re-)setting the certificate location formerly known certificates will not be available any more. So whenever you use this functionality you should be sure to first set the location and then import/add your certs.

Please report back as soon as you have had a look at this!

Cheers, Mathias

-----Original Message-----
From: geclipse-dev-bounces@xxxxxxxxxxx [mailto:geclipse-dev-bounces@xxxxxxxxxxx] On Behalf Of Romain
Sent: Monday, 8 December 2008 17:54
To: Developer mailing list
Subject: Re: AW: AW: AW: [geclipse-dev] CA certificate loading


> 
> I think a shortcut like
> 
> Security.setCertificateLocation( path );

Ok, cool, it seems good to me...
> 
> should do the trick.
> 
> But there is one thing we should always keep in mind. If we are changing
> the cert manager's default directory all newly loaded or imported
> certificates will be stored in this directory as well! That means if you
> would like to import certificates from the EuGridPMA repos these will
> end up in the WN's default cert directory then most likely overwriting
> the old certificates there! Since an ordinary user will not have
> write-access to this directory this will end up in an exception! A way
> to get around this is to add the certificates with CertTrust.Trusted
> instead of CertTrust.AlwaysTrust which results in adding the certs in
> memory but not on disk. But then they have to be re-imported again after
> restarting g-Eclipse.

Actually, never mind! When we start g-eclipse on a worker node, we consider
(and it is the case) that the environment is virgin, and that is why we initialize
the g-eclipse environment each time. So the solution of loading the certificates
into memory is okay.

> 
> So some things to keep in mind when talking about this new method! One
> should definitely be careful with this unless you won't be shot by your
> administrator for overwriting certificates ;-)

The grid may have some security shortcomings, but I hope they are a bit more subtle :)

Cheers, Rom.

> 
> Cheers, Mathias
> _______________________________________________
> geclipse-dev mailing list
> geclipse-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
> 
