← Back to team overview

openjdk team mailing list archive

  1. openjdk team
  2. Mailing list archive
  3. Message #12997

[Bug 1771363] Re: ca-certificates-java: convert PKCS12 cacerts keystore to JKS

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package ca-certificates-java - 20180516ubuntu1

---------------
ca-certificates-java (20180516ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable (LP: #1771815). Remaining changes:
    - debian/control: Bump javahelper build dependency.
    - debian/rules:
      + Explicitly depend on openjdk-11-jre-headless, needed to configure.
      + Replace javac arguments '-source 1.7 -target 1.7' with '--release 7'
        as, per JEP-247, it also takes care of setting the right -bootclasspath
        argument.

ca-certificates-java (20180516) unstable; urgency=medium

  * Team upload.

  [ Tiago Stürmer Daitx ]
  * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
    with the right configuration is already supplied by the openjdk packages.
  * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
    and update PATH if a known jvm was found.
  * debian/postinst.in: Detect PKCS12 cacert keystore generated by
    previous ca-certificates-java and convert them to JKS. (Closes: #898678)
    (LP: #1771363)

  [ Matthias Klose ]
  * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
    configure.

  [ Emmanuel Bourg ]
  * Use salsa.debian.org Vcs-* URLs

 -- Tiago Stürmer Daitx <tiago.daitx@xxxxxxxxxx>  Thu, 17 May 2018
13:03:29 +0000

** Changed in: ca-certificates-java (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1771363

Title:
  ca-certificates-java: convert PKCS12 cacerts keystore to JKS

Status in ca-certificates-java package in Ubuntu:
  Fix Released
Status in ca-certificates-java source package in Bionic:
  Triaged
Status in ca-certificates-java package in Debian:
  Fix Released

Bug description:
  The fix for Debian #894979 and Ubuntu bug #1739631 which updated ca-certificates-java to generate
  JKS keystores by default - instead OpenJDK's 9+ default of PKCS12 - only fixes new installs.

  Any user already affected by that issue won't benefit from the fix, as the file /etc/ssl/certs/java/cacerts is at most updated by the jks-keystore hook. The only way to actually change it from the PKCS12 to the JKS format is to remove the cacerts file and then calling
  'update-ca-certificates -f' - which is also accomplished by removing and then reinstalling the ca-certificates-java package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1771363/+subscriptions

References

  Thread PreviousDate PreviousThread Next