harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boris Kuznetsov" <boris.v.kuznet...@gmail.com>
Subject Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE provider)
Date Wed, 19 Jul 2006 06:18:42 GMT
Right.
Harmony uses BKS as default format.
But I'm not sure that converting of SUN's cacerts is OK from legal
point of view.

Thanks,
Boris

On 7/19/06, Mikhail Loenko <mloenko@gmail.com> wrote:
> A long ago we agreed that providers go into a separate module. But
> now I think it's might be not very reasonable.
>
> Sun keeps certificates in its own proprietary format (JKS), while we have
> BKS from Bouncy Castle, so files will have to be converted. I can do this
> next week
>
> Thanks,
> Mikhail
>
> 2006/7/19, Geir Magnusson Jr <geir@pobox.com>:
> >
> >
> > Tim Ellison wrote:
> > > Geir Magnusson Jr wrote:
> > >> I'm integrating HARMONY-536, the JSSE provider.  Two things:
> > >>
> > >> 1) it's contributed to go into x-net, but the package namespace is
> > >>
> > >>   o.a.h.security.provider.jsse
> > >>
> > >> so I wonder if this would be better off in the security module.  If not,
> > >> we are stuck because we don't have a 'negative' patternset for jar
> > >> packaging, so it's getting sucked into security jar right now anyway :)
> > >
> > > IMHO it should be in x-net.  Can't you rename the package?
> > >
> >
> > Of course.  Something was going to get moved, just wanted to see any
> > other opinions..
> >
> >
> > >> 2) I have a little test proggie that shows that it's negotiating w/ the
> > >> other side, but given we have no cacerts, it whines and gives up. (It's
> > >> a reasonable whine...)  Lazily and naively, I threw the cacerts from
> > >> Sun's JRE into jre/lib/security and prayed, but the security deities are
> > >> not smiling on me today.  So, where does/what format/etc/etc should our
> > >> root cert file go?
> > >
> > > Dunno.  I know you were just playing, but AIUI the use of root
> > > certificates for popular CA's cost $'s don't they?
> >
> > I didn't think so.  I thought that they gave the root certs away because
> >  the value of a cert provider is directly proportional to the amount of
> > software out there that can understand it's certs...
> >
> > >
> > > Hopefully Boris will enlighten us to the format used.
> > >
> > > Regards,
> > > Tim
> > >
> >
> > ---------------------------------------------------------------------
> > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message