Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#12021 - openjdk cacerts file empty
Attached to Project:
Arch Linux
Opened by David Langenbeg (langedb) - Thursday, 06 November 2008, 12:02 GMT-5
Last edited by Jan de Groot (JGC) - Friday, 07 November 2008, 04:13 GMT-5
Opened by David Langenbeg (langedb) - Thursday, 06 November 2008, 12:02 GMT-5
Last edited by Jan de Groot (JGC) - Friday, 07 November 2008, 04:13 GMT-5
|
DetailsDescription:
The cacerts keystore in the openjdk package contains no trusted root keys. This causes the JVM to throw a security exception when trying to perform SSL operations. Additional info: * package version(s) openjdk6-1.3.1-2-i686 * config and/or log files etc. Steps to reproduce: To see problem: Try to use a java application which connects over SSL & does certificate verification. A SSL protected Java-Web-Start app will do the trick. Alternatively, you could run: keytool -list -keystore /usr/lib/jvm/java-1.6.0-openjdk/jre/lib/security/cacerts |
This task depends upon
Comment by Jan de Groot (JGC) -
Friday, 07 November 2008, 04:14 GMT-5
We should generate these from the general ca-certificates package with a hook. I've been looking into this a while ago, but haven't got it working yet. I would expect some default keystore installed by openjdk, but it appears this is up to the distributors with icedtea/openjdk.