[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificat
|
From: |
Roel Janssen |
|
Subject: |
[PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates. |
|
Date: |
Fri, 10 Feb 2017 12:32:26 +0100 |
0001-gnu-icedtea-8-Build-keystore-without-id-ecPublicKey-.patch
Description: Text Data
Dear Guix,
Currently, for icedtea-8 we use an empty "keystore". This results in
Java processes using our icedtea-8 package not being able to verify
the validity of a certificate from a CA, because there are none in its
store.
This patch imports most certificates from nss-certs. Those using a
"id-ecPublicKey" public key algorithm are left out.
I realize this patch is big and inelegant, so I welcome anyone to come
up with suggestions. For example, could I somehow gather the public key
algorithm from the certificate and then check that instead of creating
this blacklist?
Thanks!
Kind regards,
Roel Janssen
- [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates.,
Roel Janssen <=