openjdk team mailing list archive

[Tiago Daitx <tiago.daitx@xxxxxxxxxxxxx>]

ca-certificates-java needs to be backported to stretch as well.

On Fri, Nov 23, 2018 at 7:33 AM Robert Lemmen <robertle@xxxxxxxxxxxxxx> wrote:
>
> Source: openjdk-11
> Severity: normal
>
> hi folks,
>
> I was using the brand new openjdk-11 packages in stretch-backports.
> thanks for providing these! they generally seem to work for me, but I
> found that I cannot make TS connections. some googling revealed that the
> default format for the cacert files jdk reads changed from jks to pkcs12
> or so. there seem to be plenty of reports aboutthis problem e.g. [0].
>
> I managed to work around it by doing this:
>
> +    echo "javax.net.ssl.trustStorePassword=changeit" \
> +            >> /etc/java-11-openjdk/management/management.properties && \
> +    /usr/bin/printf '\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x00\xe2\x68\x6e\x45\xfb\x43\xdf\xa4\xd9\x92\xdd\x41\xce\xb6\xb2\x1c\x63\x30\xd7\x92' > /etc/ssl/certs/java/cacerts && \
> +    /var/lib/dpkg/info/ca-certificates-java.postinst configure
>
> but I guess a better solution is needed
>
> regards  robert
>
>
> -- System Information:
> Debian Release: buster/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15), LANGUAGE=en_GB:en (charmap=ISO-8859-15)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>


--
Tiago Stürmer Daitx
Software Engineer
tiago.daitx@xxxxxxxxxxxxx

PGP Key: 4096R/F5B213BE (hkp://keyserver.ubuntu.com)
Fingerprint = 45D0 FE5A 8109 1E91 866E  8CA4 1931 8D5E F5B2 13BE