FWIW - we backported these in the AdoptOpenJDK 8 builds and could provide a patch to upstream that change.
Cheers, Martijn On Fri, 22 Mar 2019 at 19:35, Sean Mullan <[email protected]> wrote: > Hi Christoph, > > On 3/21/19 6:20 AM, Langer, Christoph wrote: > > Hi, > > > > I recently came across a scenario where I wanted to use a self-built > OpenJDK 8 in a maven build and it could not download artefacts due to > missing root certificates. I helped myself by replacing the cacerts with > some other version from a later OpenJDK and came over the issue. However, > I’ve asked myself whether it was possible/worthwhile to get the root > certificates also into an OpenJDK 8 update? > > > > With JEP 319 [0], Oracle has open-sourced the root certificates into > OpenJDK. The initial check-in was done for jdk10, via bug JDK-8189131 [1]. > After that, several commits have been made to update the set of root > certificates and improve the tests. > > > > Now my questions are: Is it legally possible to bring these root > certificates also into OpenJDK 8? Since it is a JEP, can the “feature” be > added to OpenJDK 8 via an update release? And, last but not least, would > there be interest in the community for that at all? > > I can answer the first two questions. I talked to one of our Product > Managers who was involved with this JEP and he said that we have > permission to release these certificates as open source at OpenJDK (much > as Mozilla has roots in Firefox). Therefore there should be no concerns > using with OpenJDK 8 or other versions for that matter. If you mean the > jdk8u project specifically, you should check with the current > maintainers for interest in this as I think they currently use other > means for their builds. > > --Sean > > > > > Just trying to start a discussion… 😊 > > > > Best regards > > Christoph > > > > [0] http://openjdk.java.net/jeps/319 > > [1] https://bugs.openjdk.java.net/browse/JDK-8189131 > > >
