Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE provider)

[George Harley]

Geir Magnusson Jr wrote:
Tim Ellison wrote:
  
Geir Magnusson Jr wrote:
    
I'm integrating HARMONY-536, the JSSE provider.  Two things:
1) it's contributed to go into x-net, but the package namespace is

  o.a.h.security.provider.jsse

so I wonder if this would be better off in the security module.  If not,
we are stuck because we don't have a 'negative' patternset for jar
packaging, so it's getting sucked into security jar right now anyway :)
      
IMHO it should be in x-net.  Can't you rename the package?

    

Of course.  Something was going to get moved, just wanted to see any
other opinions..


  
2) I have a little test proggie that shows that it's negotiating w/ the
other side, but given we have no cacerts, it whines and gives up. (It's
a reasonable whine...)  Lazily and naively, I threw the cacerts from
Sun's JRE into jre/lib/security and prayed, but the security deities are
not smiling on me today.  So, where does/what format/etc/etc should our
root cert file go?
      
Dunno.  I know you were just playing, but AIUI the use of root
certificates for popular CA's cost $'s don't they?
    

I didn't think so.  I thought that they gave the root certs away because
 the value of a cert provider is directly proportional to the amount of
software out there that can understand it's certs...

  


Hi Geir,

I think you are right. The kind of information we would want to have in 
a Harmony cacerts file is available from CA web sites (e.g. Verisign and 
Thawte). Inclusion of Thawte root certs requires accepting their license 
which is available on the repository access page [1]. It seems pretty 
harmless (famous last words).

I guess that in order to build our own Harmony cacerts file we would 
need to retrieve the root certs information from each CA in turn being 
careful to check out the terms of any associated licenses.

Best regards,
George


[1] http://www.thawte.com/roots/index.html



Hopefully Boris will enlighten us to the format used.

Regards,
Tim

    

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


  


---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]