harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr <g...@pobox.com>
Subject Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE provider)
Date Wed, 19 Jul 2006 05:36:05 GMT


Mikhail Loenko wrote:
> A long ago we agreed that providers go into a separate module. But
> now I think it's might be not very reasonable.

Well, if it gets to be an issue, we can switch.  Do you remember the
reasons?

> 
> Sun keeps certificates in its own proprietary format (JKS), while we have
> BKS from Bouncy Castle, so files will have to be converted. I can do this
> next week

It's proprietary?  Grrr.  I would be nice if people could use their
existing root cert stores w/ us.  You sure?  :)

> 
> Thanks,
> Mikhail
> 
> 2006/7/19, Geir Magnusson Jr <geir@pobox.com>:
>>
>>
>> Tim Ellison wrote:
>> > Geir Magnusson Jr wrote:
>> >> I'm integrating HARMONY-536, the JSSE provider.  Two things:
>> >>
>> >> 1) it's contributed to go into x-net, but the package namespace is
>> >>
>> >>   o.a.h.security.provider.jsse
>> >>
>> >> so I wonder if this would be better off in the security module.  If
>> not,
>> >> we are stuck because we don't have a 'negative' patternset for jar
>> >> packaging, so it's getting sucked into security jar right now
>> anyway :)
>> >
>> > IMHO it should be in x-net.  Can't you rename the package?
>> >
>>
>> Of course.  Something was going to get moved, just wanted to see any
>> other opinions..
>>
>>
>> >> 2) I have a little test proggie that shows that it's negotiating w/
>> the
>> >> other side, but given we have no cacerts, it whines and gives up.
>> (It's
>> >> a reasonable whine...)  Lazily and naively, I threw the cacerts from
>> >> Sun's JRE into jre/lib/security and prayed, but the security
>> deities are
>> >> not smiling on me today.  So, where does/what format/etc/etc should
>> our
>> >> root cert file go?
>> >
>> > Dunno.  I know you were just playing, but AIUI the use of root
>> > certificates for popular CA's cost $'s don't they?
>>
>> I didn't think so.  I thought that they gave the root certs away because
>>  the value of a cert provider is directly proportional to the amount of
>> software out there that can understand it's certs...
>>
>> >
>> > Hopefully Boris will enlighten us to the format used.
>> >
>> > Regards,
>> > Tim
>> >
>>
>> ---------------------------------------------------------------------
>> Terms of use : http://incubator.apache.org/harmony/mailing.html
>> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>>
>>
> 
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> 
> 
> 

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message