Re: lang/openjdk11 certificates

[Jonathan Perkin <jperkin%joyent.com@localhost>]

* On 2021-01-26 at 13:55 GMT, Ryo ONODERA wrote:

> David Brownlee <abs%absd.org@localhost> writes:
> 
> > On Sun, 24 Jan 2021 at 00:34, Robert Swindells <rjs%fdy2.co.uk@localhost> wrote:
> >>
> >> Is anyone able to use lang/openjdk11 to do any https connections ?
> >>
> >> Trying to use maven with it results in an error that trustAnchors are
> >> empty.
> >>
> >> Using lang/openjdk8 does work.
> >
> > I think that while both openjdk8 and openjdk11 build a default set of
> > certificates, only openjdk8 installs them (running up a test to try to
> > add them to the openjdk11 package this end to see if it affects the
> > behaviour)
> 
> I think cecerts file is installed as java/openjdk11/lib/security/cecrts,
> however it is not used properly.
> 
> cecerts's password is "changeit" and it is as same as jdk's default
> password, and the password should be used automatically.
> 
> If you specify the password explicitly, SSL/TLS error will disappear
> like:
> 
> $ openjdk11-java -Djavax.net.ssl.trustStorePassword=changeit -jar josm-tested.jar
> 
> I do not find any clue to fix this problem yet.

The options used in our (Joyent) openjdk11 build are slightly
different:

  https://github.com/joyent/pkgsrc-joyent/blob/master/openjdk11/Makefile#L109-L124

You could try those, notably this fix:

  https://github.com/joyent/pkgsrc-joyent/commit/5102e341158451963781108f91aea350f567d4d0

Cheers,

-- 
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com