openjdk team mailing list archive

[Nitya Doraisamy <nitya.doraisamy@xxxxxxx>]

Public bug reported:

open jdk 6 truststore setting "javax.net.ssl.trustStore" i.e
"/etc/ssl/certs/ca-certificates.crt " points to an area in the
filesystem (/etc/ssl) that usually requires privileged access for read,
write and execute.

So any app run as a regular user that were to implicitly depend on the
default truststore could end up not working in Ubuntu unless they
overrode with a custom system prop which they were not earlier doing.
This may be a problem for Java apps that did not have such an setting
made earlier.

Seems to be by the following icedtea patch,
http://icedtea.classpath.org/hg/icedtea6/file/d0081b7856c8/patches/icedtea-certbundle.patch 

The "javax.net.ssl.trustStorePassword" has been set to an empty string
too. Why?

** Affects: openjdk-6 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
open jdk 6 truststore points to privileged access area
https://bugs.launchpad.net/bugs/224455
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in Source Package "openjdk-6" in Ubuntu: New

Bug description:
open jdk 6 truststore setting "javax.net.ssl.trustStore" i.e "/etc/ssl/certs/ca-certificates.crt " points to an area in the filesystem (/etc/ssl) that usually requires privileged access for read, write and execute. 

So any app run as a regular user that were to implicitly depend on the default truststore could end up not working in Ubuntu unless they overrode with a custom system prop which they were not earlier doing. This may be a problem for Java apps that did not have such an setting made earlier. 

Seems to be by the following icedtea patch,
http://icedtea.classpath.org/hg/icedtea6/file/d0081b7856c8/patches/icedtea-certbundle.patch 

The "javax.net.ssl.trustStorePassword" has been set to an empty string too. Why?