[security-dev 01704]: Re: Please review new regression test for java.net.* API
Sean.Mullan at Sun.COM
Thu Mar 18 08:13:17 PDT 2010
Andrew John Hughes wrote:
> This has been posted about before; OpenJDK currently can't bootstrap
> itself because it doesn't have a working cacerts store (the JAXP URL
> uses https).
> I don't know how to solve this; we can certainly have the cacerts file
> populated on GNU/Linux systems, but I don't have a clue how you'd do
> it on Solaris or Windows. How do Sun populate it? Can that be shared?
No. The agreements we have with CAs to include root CA certificates are for our
product releases only, we can't (at least not right now) include them in OpenJDK.
I haven't been following this thread in great detail, but don't existing JSSE
tests cover this?
More information about the security-dev