So we should 2012/5/31 Dalibor Topic <[email protected]>: > On 5/31/12 2:49 PM, Henri Gomez wrote: >> Hi to all, >> >> It seems cacerts (JAVA_BASE/Contents/Home/jre/lib/security/cacerts) >> are no more correct for stock OpenJDK 7 built on OSX. > > CA certs aren't part of OpenJDK sources. > See > http://hg.openjdk.java.net/jdk7/build/raw-file/tip/README-builds.html#cacerts > for details, in particular: > > "The source contain a cacerts file without CA root certificates. Formal JDK > builders > will need to secure permission from each public CA and include the > certificates into > their own custom cacerts file."
That's why I'm wondering if we could embed (for OSX packages) cacerts available in Apple JDK or rebuild full bunch of cacerts from Mozilla for example (ie: http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt)
