Cacerts generation patch for IcedTea6 HEAD

Matthias Klose doko at
Tue Dec 21 03:44:24 PST 2010

Please have a look at the thread "Runtime java cacerts generation" from April 
2010 on this list, not using keytool at all.

On 21.12.2010 12:09, Pavel Tisnovsky wrote:
> It's great to see that TestHttps test passed on patched IcedTea, but I'm
> not sure why VerifyCACerts and TestCACerts tests failed. It seems that
> some certificates are not properly loaded to JVM but I'm not cert. guru
> - Lucas don't you know how to solve this? (Could this have anything to
> do with NSS?)

if NSS is enabled you'll usually have around ~35 test failures

> Contents of tarball:
> jtreg_wo_patch - JTreg results for not patched IcedTea6
> jtreg_with_patch - JTreg results for patched IcedTea6 (+ log file
> generated by TestCACerts regression test)
> jtreg_diffs - diff files generated for above directories
> - new contents of with path applied
> hg_diff - hg diff generated against recent IcedTea6
>> From my point of view: when the two JTreg failures will be resolved, it
> is IMHO ok to add this patch to IcedTea6. I welcome all comments of course.

+    certbegin=`grep -n "^-----BEGIN" "${cert}" | cut -d ":" -f 1`
+    certend=`grep -n "^-----END" "${cert}" | cut -d ":" -f 1`
+    sed -n "${certbegin},${certend}p" "${cert}" > "${tempfile}"

Is this guaranteed to work with all files around there?


More information about the distro-pkg-dev mailing list