| Summary: | sys-apps/baselayout-java: generate cacerts also in PKCS#12 format (and JREs and JDKs >= 9 should consume this file) | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Florian Schmaus <flow> |
| Component: | Current packages | Assignee: | Java team <java> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | CC: | gentoo, mgorny |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=827146 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | java.io.IOException: stream does not represent a PKCS12 key store | | |

Description
Florian Schmaus
2020-03-12 21:06:41 UTC
Created attachment 618168
java.io.IOException: stream does not represent a PKCS12 key store
An alternative to the approach in PR #19107 would be to have the openjdk ebuilds patch conf/security/java.security with s/^keystore.type=pkcs12/keystore.type=jks/. This would also require no changes to baselayout-java. OTOH it feels like a step backwards, e.g. using legacy/old JKS instead of PKCS12 used by newer Java versions.

PR #19136 is what I currently do to fix the issue. But the real solution would be baselayout-java taking care that also a PKCS12 formatted trust store, e.g. /etc/ssl/certs/java/cacerts.p12, is created.

Note that this seems to be only caused if the Bouncy Castle Security Provider is involved. It does not appear to respect the keystore.type.compat=true setting in $JAVA_HOME/conf/security/java.security.

PRs are closed.
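
The following is an added example, not part of the bug report or of any Gentoo package: a small check that compares the on-disk format of a trust store (by its leading bytes) with the keystore.type configured in java.security, which is the mismatch behind "stream does not represent a PKCS12 key store". The function names, the sample bytes and the `provider_honours_compat` flag (which models the reporter's observation about keystore.type.compat) are assumptions made for illustration.

```python
JKS_MAGIC = bytes.fromhex("feedfeed")    # JKS files start with 0xFEEDFEED
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS files start with 0xCECECECE

def sniff_keystore_format(head: bytes) -> str:
    """Classify a key store from its first bytes."""
    if head.startswith(JKS_MAGIC):
        return "jks"
    if head.startswith(JCEKS_MAGIC):
        return "jceks"
    # A PKCS#12 PFX is ASN.1: SEQUENCE (0x30), length, INTEGER version 3.
    if head[:1] == b"\x30":
        i = 2
        if len(head) > 1 and head[1] & 0x80:
            i += head[1] & 0x7F  # skip long-form length octets
        if head[i:i + 3] == b"\x02\x01\x03":
            return "pkcs12"
    return "unknown"

def parse_security_props(text: str) -> dict:
    """Read key=value pairs from java.security content, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def diagnose(head: bytes, java_security: str, provider_honours_compat: bool) -> str:
    """Report whether the store format matches the configured keystore.type.

    provider_honours_compat is an assumption supplied by the caller: whether
    the security provider in use applies keystore.type.compat=true.
    """
    props = parse_security_props(java_security)
    wanted = props.get("keystore.type", "").lower()
    actual = sniff_keystore_format(head)
    compat = props.get("keystore.type.compat", "").lower() == "true"
    if actual == wanted:
        return "ok"
    if compat and provider_honours_compat and {actual, wanted} == {"jks", "pkcs12"}:
        return "ok-via-compat"
    return f"mismatch: file is {actual}, keystore.type={wanted}"

# Constructed sample inputs (not taken from a real system).
SAMPLE_JKS = bytes.fromhex("feedfeed00000002")
SAMPLE_P12 = bytes.fromhex("30820a01020103308209")
SAMPLE_CONF = "# constructed excerpt\nkeystore.type=pkcs12\nkeystore.type.compat=true\n"
```

On a real system the `head` argument would be the first few bytes of /etc/ssl/certs/java/cacerts, read in binary mode.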