On Mon, 2006-07-31 at 13:24 -0700, Casey Marshall wrote:
Most GNU/Linux distributions have packages for a list of root
certificates, usually as just a bunch of separate PEM files. Does
Fedora have something like that?
Yes. It looks like openssl ships with certificates. kdelibs does as
well. Perhaps there are others.
If so, one good way to fix this
would be to generate a cacerts file (using gkeytool) that contains
the same list of certificates, and add that to the GCJ RPM. It is
somewhat preferable for distributions to figure out which root
certificates they want to use, than for Classpath to arbitrarily
decide what certificates to include, IMO.
Sounds good. This should probably go in the java-1.4.2-gcj-compat
package (our JDK compatibility layer on top of gcj). We could simply
"BuildRequire" openssl to generate and package the cacerts files.
Does that make sense? I can explain how to generate such a cacerts
file from a bunch of separate certificates, if you like.
That would be great. I've never run gkeytool before.
Additionally, loading cacerts isn't even necessary with
Jessie uses an internal list of root certificates (approximately the
same list you'll find by default in e.g. Firefox) if no other
certificates are provided. Nice to see that the RSSOwl people had to
make this crap so "Easy." A bug (or maybe just some harsh words)
upstream is also advisable.