habitat-sh / core-plans

Core Habitat Plan definitions

[java] Add cacerts dependency to jre and jdk packages #1488

Open jlebloas opened 6 years ago

jlebloas commented 6 years ago

Currently Oracle JVMs come with embedded certificates. They are not always up to date and contain only certificates in Oracle's Java SE Root CA program.

I'm currently facing a case where I need to access a URL validated by a root certificate (Certigna) not included in the JRE but trusted by Chrome and Firefox. IINM OSes often update Java's trusted certs with the ones installed on the host. That's the reason why I can fetch the URL (https://www.strasbourg.eu/) on my local JVM.

It would be nice to add core/cacert as a dependency and use them. This would improve the security of the Java programs using the Habitat-packaged JVMs.

PS: For information, OpenJDK 10 (http://openjdk.java.net/jeps/319) recently added root certificates to reduce differences with the Oracle one, but the issue will be the same since they will not be updated with core/cacert.

rsertelon commented 6 years ago

@jlebloas did you manage to make it work properly? If so, did you need to customize the package?

jlebloas commented 6 years ago

@rsertelon To fix it quickly I made ugly proxy configurations.

IMHO the good way of handling this would be to add core/cacert as a dependency and build the common /etc/ssl/certs/java/cacerts file from the certificates in core/cacert.

Updating the JKS store (Java trusted certificates) is common in the different OSes I looked at (e.g. Arch Linux and Debian).

Since this is not specific to Java 8, this could be done in a separate package that would be added as a dependency of the different Java (jre/jdk) plans.
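The approach proposed in the comment above (split the PEM bundle shipped by the CA package and rebuild the Java trust store from it), as an added example that is not code from the core-plans repository. It assumes POSIX sh, awk, openssl and keytool on PATH; the bundle path and the target store location in the usage comment are assumptions, not values from the plans.

```shell
#!/bin/sh
# Added example: rebuild a Java cacerts (JKS) trust store from a PEM bundle.
# Not part of habitat-sh/core-plans. Assumes sh, awk, openssl and keytool.
set -eu

# Split a PEM bundle into one file per certificate inside $2 (cert-NNN.pem).
# Text between certificates (the comment headers in CA bundles) is dropped.
# Prints the number of certificates found.
split_pem_bundle() {
    bundle="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
        inside { print > f }
        /-----END CERTIFICATE-----/ { inside = 0; close(f) }
        END { print n + 0 }
    ' "$bundle"
}

# Import every split certificate into a fresh JKS trust store. The alias is the
# certificate's SHA-256 fingerprint, so a rebuild is reproducible and a
# duplicate certificate in the bundle is rejected by keytool rather than
# silently imported twice. Prints the number of trusted entries in the store.
build_truststore() {
    certdir="$1"; store="$2"; storepass="${3:-changeit}"
    rm -f "$store"
    for c in "$certdir"/cert-*.pem; do
        alias=$(openssl x509 -in "$c" -noout -fingerprint -sha256 \
                | cut -d= -f2 | tr -d ':' | tr 'A-Z' 'a-z')
        keytool -importcert -noprompt -storetype JKS \
            -keystore "$store" -storepass "$storepass" \
            -alias "$alias" -file "$c" >/dev/null
    done
    keytool -list -keystore "$store" -storepass "$storepass" | grep -c 'trustedCertEntry'
}

# Usage inside a plan's do_build (paths are assumptions, not from the plans):
#   bundle="$(pkg_path_for core/cacerts)/ssl/certs/cacert.pem"
#   split_pem_bundle "$bundle" "$CACHE_PATH/certs"
#   build_truststore "$CACHE_PATH/certs" "$pkg_prefix/lib/security/cacerts"
```

The Java runtime only reads the store at `lib/security/cacerts` (or `jre/lib/security/cacerts` for a JDK), so the rebuilt file must replace the one the vendor tarball ships, not sit beside it.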