4:22 p.m.
On Mon, 2006-07-31 at 13:24 -0700, Casey Marshall wrote:
Most GNU/Linux distributions have packages for a list of root
certificates, usually as just a bunch of separate PEM files. Does
Fedora have something like that?
Yes. It looks like openssl ships with certificates. kdelibs does as
well. Perhaps there are others.
If so, one good way to fix this
would be to generate a cacerts file (using gkeytool) that contains
the same list of certificates, and add that to the GCJ RPM. It is
somewhat preferable for distributions to figure out which root
certificates they want to use, than for Classpath to arbitrarily
decide what certificates to include, IMO.
Sounds good. This should probably go in the java-1.4.2-gcj-compat
package (our JDK compatibility layer on top of gcj). We could simply
"BuildRequire" openssl to generate and package the cacerts files.
Does that make sense? I can explain how to generate such a cacerts
file from a bunch of separate certificates, if you like.
That would be great. I've never run gkeytool before.
Additionally, loading cacerts isn't even necessary with
Classpath:
Jessie uses an internal list of root certificates (approximately the
same list you'll find by default in e.g. Firefox) if no other
certificates are provided. Nice to see that the RSSOwl people had to
make this crap so "Easy." A bug (or maybe just some harsh words)
upstream is also advisable.
Ok.
Thanks,
AG
11:29 a.m.
New subject: ssl connections, cacerts
>>>> "Anthony" == Anthony Green
<green(a)redhat.com> writes:
> Does that make sense? I can explain how to generate such a
cacerts
> file from a bunch of separate certificates, if you like.
Anthony> That would be great. I've never run gkeytool before.
Raif checked in a script to Classpath that should help with this
problem. Could you give it a try? If this works out we can wire it
into the libgcj build or something.
Tom
5:27 p.m.
New subject: ssl connections, cacerts
On Thu, 2006-08-03 at 10:29 -0600, Tom Tromey wrote:
Raif checked in a script to Classpath that should help with this
problem. Could you give it a try? If this works out we can wire it
into the libgcj build or something.
Even if it works I can't test it, because rssowl broke again (swt
breakage due to firefox upgrade I think).
In any case, I'll try the script. I think it more properly belongs in
java-gcj-compat, not gcc. But let me try it first.
AG
5:44 p.m.
New subject: ssl connections, cacerts
>>>> "Anthony" == Anthony Green
<green(a)redhat.com> writes:
Anthony> Even if it works I can't test it, because rssowl broke again (swt
Anthony> breakage due to firefox upgrade I think).
Bleah.
Anthony> In any case, I'll try the script. I think it more properly
Anthony> belongs in java-gcj-compat, not gcc.
Yeah, I agree. Though, in the long term I think we're hoping to get
rid of java-gcj-compat and merge it all into Classpath or libgcj.
Tom
5:56 p.m.
New subject: ssl connections, cacerts
hello Anthony,
On Friday 04 August 2006 08:27, Anthony Green wrote:
On Thu, 2006-08-03 at 10:29 -0600, Tom Tromey wrote:
> Raif checked in a script to Classpath that should help with this
> problem. Could you give it a try? If this works out we can wire it
> into the libgcj build or something.
Even if it works I can't test it, because rssowl broke again (swt
breakage due to firefox upgrade I think).
In any case, I'll try the script. I think it more properly belongs in
java-gcj-compat, not gcc. But let me try it first.
before trying the script you have to install (somewhere) the ca-certificates
Debian package (the one i used is from
http://packages.debian.org/stable/misc/ca-certificates) which requires Ruby
for generating the mozilla certificates.
how about if i send you my copy of the cacerts.gkr file i built from that
Debian package, and you try it with rssowl? if this works then we'll worry
about how to get it into java-gcj-compat.
cheers;
rsn
6:23 p.m.
New subject: ssl connections, cacerts
On Fri, 2006-08-04 at 08:56 +1000, Raif S. Naffah wrote:
how about if i send you my copy of the cacerts.gkr file i built from
that
Debian package, and you try it with rssowl? if this works then we'll worry
about how to get it into java-gcj-compat.
Ok. I don't know how long rssowl will be broken though. Hopefully not
long, but rssowl seems to be cursed in this regard. :-)
AG
6469
days inactive
6472
days old
java-devel@lists.fedoraproject.org
5 comments
3 participants
participants (3)
-
Anthony Green -
Raif S. Naffah -
Tom Tromey