[8u] Is it possible to bring root certificates to OpenJDK 8 [JEP319] ?
sean.mullan at oracle.com
Fri Mar 22 19:33:27 UTC 2019
On 3/21/19 6:20 AM, Langer, Christoph wrote:
> I recently came across a scenario where I wanted to use a self-built OpenJDK 8 in a maven build and it could not download artefacts due to missing root certificates. I helped myself by replacing the cacerts with some other version from a later OpenJDK and came over the issue. However, I’ve asked myself whether it was possible/worthwhile to get the root certificates also into an OpenJDK 8 update?
> With JEP 319 , Oracle has open-sourced the root certificates into OpenJDK. The initial check-in was done for jdk10, via bug JDK-8189131 . After that, several commits have been made to update the set of root certificates and improve the tests.
> Now my questions are: Is it legally possible to bring these root certificates also into OpenJDK 8? Since it is a JEP, can the “feature” be added to OpenJDK 8 via an update release? And, last but not least, would there be interest in the community for that at all?
I can answer the first two questions. I talked to one of our Product
Managers who was involved with this JEP and he said that we have
permission to release these certificates as open source at OpenJDK (much
as Mozilla has roots in Firefox). Therefore there should be no concerns
using with OpenJDK 8 or other versions for that matter. If you mean the
jdk8u project specifically, you should check with the current
maintainers for interest in this as I think they currently use other
means for their builds.
> Just trying to start a discussion…
> Best regards
>  http://openjdk.java.net/jeps/319
>  https://bugs.openjdk.java.net/browse/JDK-8189131
More information about the jdk8u-dev