harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stepan Mishura" <stepan.mish...@gmail.com>
Subject Re: SSL connections and cacerts
Date Thu, 20 Mar 2008 06:39:53 GMT
On 3/19/08, Wim Vander Schelden <wim@fixnum.org> wrote:
> Stepan Mishura wrote:
> > It sounds like you used cacerts file (RI's?) that is in JSK format.
> > This definitely doesn't work with Harmony because JKS is a Sun's
> > proprietary standard [1]. You should provide cacerts file in
> > PKCS12(IIRC) format. PKCS12 implemented in Bouncy Castle security
> > provider and used by Harmony.
> >
> So the easiest way to do this would be by using the keytool included in
> Harmony, I assume?
> Will Harmony look at the cacerts file in the lib/security directory, or
> do I need to instruct it to do
> so somehow? And what password should I use for the keystore?

Theoretically, keytool is used to create the file with required
certificates and the file is placed to default location (i.e.
lib/security) and after that everything should work. But practically I
don't know if it work or not - I didn't try it by myself and as I
recall there were intentions and promises to create acceptable cacerts
file for Hamony but I don't remember any report about the progress or
failure. Also there was suggestion to convert existing cacerts file in
JKS format into BKS format but that got stuck in legal
questions/doubts. You may aslo wish to try to use SUN's provider
(which understands JSK format) and JKS cacerts file with Harmony (I
think if is work then this would be very exciting!)

So you are free to experiment! And if you have any results please let us know.


> Is there a reason why such a file is not distributed with Harmony by
> default?
> > Thanks,
> > Stepan.
> Thanks for your help,
> Wim

View raw message