openjdk team mailing list archive

Thread
Date

[Bug 580982] Re: SunPKCS11 provider auto enabled NSS problem

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Štefan Baebler <580982@xxxxxxxxxxxxxxxxxx>
Date: Fri, 18 May 2012 09:38:56 -0000
Reply-to: Bug 580982 <580982@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This became  more relevant since Sun/Oracle java is now much harder to
install, making Ubuntu less user friendly.

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/580982

Title:
  SunPKCS11 provider auto enabled NSS problem

Status in “openjdk-6” package in Ubuntu:
  Confirmed

Bug description:
  There is a problem with OpenJDK latest version inside Ubuntu 10.04.
  The NSS provider is now enabled by default, breaking the applications
  using the Firefox certificate database, since it is not possible to
  unload the provider once it is already loaded. Applications using JSS
  are also broken.

  http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=473

  Currently we are advising our end user customers to remove OpenJDK and install Sun Java as a workaround.
  Alternative is to remove the provider from security.policy, but it is not possible without a root.

  The reason for auto enabled NSS patch inside Icedtea was to add
  support for ECC algorithms (Elliptic curve cryptograph) so unit tests
  would pass. But it is possible add provider inside code providing such
  algorithms in rare case you need it. However for Keystore support
  there is no alternative with nss enabled patch
  (http://icedtea.classpath.org/hg/icedtea6/file/756cd53fa326/patches
  /icedtea-nss-config.patch).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/580982/+subscriptions

References

[Bug 580982] [NEW] SunPKCS11 provider auto enabled NSS problem
From: Matej Spiller-Muys, 2010-05-15