On Mon, 2006-07-31 at 13:24 -0700, Casey Marshall wrote:
Most GNU/Linux distributions have packages for a list of root certificates, usually as just a bunch of separate PEM files. Does Fedora have something like that?
Yes. It looks like openssl ships with certificates. kdelibs does as well. Perhaps there are others.
If so, one good way to fix this would be to generate a cacerts file (using gkeytool) that contains the same list of certificates, and add that to the GCJ RPM. It is somewhat preferable for distributions to figure out which root certificates they want to use, than for Classpath to arbitrarily decide what certificates to include, IMO.
Sounds good. This should probably go in the java-1.4.2-gcj-compat package (our JDK compatibility layer on top of gcj). We could simply "BuildRequire" openssl to generate and package the cacerts files.
Does that make sense? I can explain how to generate such a cacerts file from a bunch of separate certificates, if you like.
That would be great. I've never run gkeytool before.
Additionally, loading cacerts isn't even necessary with Classpath: Jessie uses an internal list of root certificates (approximately the same list you'll find by default in e.g. Firefox) if no other certificates are provided. Nice to see that the RSSOwl people had to make this crap so "Easy." A bug (or maybe just some harsh words) upstream is also advisable.
Ok.
Thanks,
AG
"Anthony" == Anthony Green green@redhat.com writes:
Does that make sense? I can explain how to generate such a cacerts file from a bunch of separate certificates, if you like.
Anthony> That would be great. I've never run gkeytool before.
Raif checked in a script to Classpath that should help with this problem. Could you give it a try? If this works out we can wire it into the libgcj build or something.
Tom
On Thu, 2006-08-03 at 10:29 -0600, Tom Tromey wrote:
Raif checked in a script to Classpath that should help with this problem. Could you give it a try? If this works out we can wire it into the libgcj build or something.
Even if it works I can't test it, because rssowl broke again (swt breakage due to firefox upgrade I think).
In any case, I'll try the script. I think it more properly belongs in java-gcj-compat, not gcc. But let me try it first.
AG
"Anthony" == Anthony Green green@redhat.com writes:
Anthony> Even if it works I can't test it, because rssowl broke again (swt Anthony> breakage due to firefox upgrade I think).
Bleah.
Anthony> In any case, I'll try the script. I think it more properly Anthony> belongs in java-gcj-compat, not gcc.
Yeah, I agree. Though, in the long term I think we're hoping to get rid of java-gcj-compat and merge it all into Classpath or libgcj.
Tom
hello Anthony,
On Friday 04 August 2006 08:27, Anthony Green wrote:
On Thu, 2006-08-03 at 10:29 -0600, Tom Tromey wrote:
Raif checked in a script to Classpath that should help with this problem. Could you give it a try? If this works out we can wire it into the libgcj build or something.
Even if it works I can't test it, because rssowl broke again (swt breakage due to firefox upgrade I think).
In any case, I'll try the script. I think it more properly belongs in java-gcj-compat, not gcc. But let me try it first.
before trying the script you have to install (somewhere) the ca-certificates Debian package (the one i used is from http://packages.debian.org/stable/misc/ca-certificates) which requires Ruby for generating the mozilla certificates.
how about if i send you my copy of the cacerts.gkr file i built from that Debian package, and you try it with rssowl? if this works then we'll worry about how to get it into java-gcj-compat.
cheers; rsn
On Fri, 2006-08-04 at 08:56 +1000, Raif S. Naffah wrote:
how about if i send you my copy of the cacerts.gkr file i built from that Debian package, and you try it with rssowl? if this works then we'll worry about how to get it into java-gcj-compat.
Ok. I don't know how long rssowl will be broken though. Hopefully not long, but rssowl seems to be cursed in this regard. :-)
AG
java-devel@lists.fedoraproject.org
-
Anthony Green -
Raif S. Naffah -
Tom Tromey