On Mon, 2006-07-31 at 13:24 -0700, Casey Marshall wrote: > Most GNU/Linux distributions have packages for a list of root > certificates, usually as just a bunch of separate PEM files. Does > Fedora have something like that? Yes. It looks like openssl ships with certificates. kdelibs does as well. Perhaps there are others. > If so, one good way to fix this > would be to generate a cacerts file (using gkeytool) that contains > the same list of certificates, and add that to the GCJ RPM. It is > somewhat preferable for distributions to figure out which root > certificates they want to use, than for Classpath to arbitrarily > decide what certificates to include, IMO. Sounds good. This should probably go in the java-1.4.2-gcj-compat package (our JDK compatibility layer on top of gcj). We could simply "BuildRequire" openssl to generate and package the cacerts files. > Does that make sense? I can explain how to generate such a cacerts > file from a bunch of separate certificates, if you like. That would be great. I've never run gkeytool before. > Additionally, loading cacerts isn't even necessary with Classpath: > Jessie uses an internal list of root certificates (approximately the > same list you'll find by default in e.g. Firefox) if no other > certificates are provided. Nice to see that the RSSOwl people had to > make this crap so "Easy." A bug (or maybe just some harsh words) > upstream is also advisable. Ok. Thanks, AG -- fedora-devel-java-list mailing list fedora-devel-java-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-java-list
