Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 54E1A10982 for ; Tue, 12 Nov 2013 05:49:58 +0000 (UTC) Received: (qmail 32724 invoked by uid 500); 12 Nov 2013 05:49:57 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 32685 invoked by uid 500); 12 Nov 2013 05:49:56 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 32547 invoked by uid 99); 12 Nov 2013 05:49:56 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Nov 2013 05:49:56 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [162.210.70.57] (HELO us2.outbound.mailhostbox.com) (162.210.70.57) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Nov 2013 05:49:50 +0000 Received: from localhost (ec2-75-101-146-23.compute-1.amazonaws.com [75.101.146.23]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: tsp@v0g0n.org) by us2.outbound.mailhostbox.com (Postfix) with ESMTPSA id 9678E8F06DD; Tue, 12 Nov 2013 05:49:24 +0000 (GMT) Date: Tue, 12 Nov 2013 11:19:20 +0530 From: Prasanna Santhanam To: dev@cloudstack.apache.org Cc: Syed Ahmed Subject: Re: SSL and JCE Message-ID: <20131112054920.GA4305@cloud-2.local> Mail-Followup-To: dev@cloudstack.apache.org, Syed Ahmed References: <52814A77.1050203@cloudops.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-CTCH-RefID: str=0001.0A020209.5281C167.0033,ss=1,re=0.100,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-CTCH-VOD: Unknown X-CTCH-Spam: Unknown X-CTCH-Score: 0.100 X-CTCH-Rules: SUBJECT_NEEDS_ENCODING, X-CTCH-Flags: 0 X-CTCH-ScoreCust: 0.000 X-CTCH-SenderID: tsp@apache.org X-CTCH-SenderID-TotalMessages: 1 X-CTCH-SenderID-TotalSpam: 0 X-CTCH-SenderID-TotalSuspected: 0 X-CTCH-SenderID-TotalBulk: 0 X-CTCH-SenderID-TotalConfirmed: 0 X-CTCH-SenderID-TotalRecipients: 0 X-CTCH-SenderID-TotalVirus: 0 X-CTCH-SenderID-BlueWhiteFlag: 0 X-Scanned-By: MIMEDefang 2.72 on 172.16.214.8 X-Virus-Checked: Checked by ClamAV on apache.org My MacOSX 1.6 jdk seems to have the crypto extensions jce builtin and the build+test works. JDK 1.7 install does not have them though. The JCE kit seems to carry a BCL which is not ASF friendly [1]. But this being part of the Java install and not the project it should be okay IMO if we note it in our wiki on building the project. As for legal aspects - I found this which might be of some relevance. http://markmail.org/message/evtkc656gewrkruf [1] http://www.apache.org/legal/3party.html#transition-examples On Mon, Nov 11, 2013 at 10:45:12PM +0100, Laszlo Hornyak wrote: > Hi, > > That is a good question, I do not know for sure, but this package needs to > be signed by oracle, it is not redistributable and has teritorial import > restrictions, so it could be problematic :-( I hope it is not. Guys, can > someone help us here? > > > On Mon, Nov 11, 2013 at 10:21 PM, Syed Ahmed wrote: > > > Hi Laszlo, > > > > The CertService uses BouncyCastle for certificate parsing and validation. > > The JCE extension provides the API for using BouncyCastle as the provider. > > So, JCE is required. I know that BouncyCastle is added in CS. Would it be > > possible to add JCE as a dependency too? > > > > Thanks, > > -Syed > > > > > > On 13-11-10 09:55 AM, Laszlo Hornyak wrote: > > > >> Hi Sahmed and list, > >> > >> I ran into some failing tests this weekend related to the patch > >> 0076307863e9155273d9e4c14282de429388c9e9 apparently jenkins fails for > >> the same reason. I did a short investigation and it turned out that in > >> order to run the tests correctly, one has to download the sun jce policy > >> files and put it in the jdk replacing the original policies. > >> > >> Questions: > >> - Is there a more convenient deployment process? :-) It would be very > >> useful for the jenkins environment as well. > >> - I gave it a try and patched the oracle jdk 1.7 with the same plugin, it > >> did not work. Do you know a way to make it work again with jdk 1.7? > >> > >> Thank you, > >> Laszlo > >> > >> -- > >> > >> EOF > >> > > > > > > > -- > > EOF -- Prasanna., ------------------------ Powered by BigRock.com