[Bug 910507] New: bouncycastle security provider not registered on pkg install, edits to java.security config file not persistent across version upgrades
http://bugzilla.opensuse.org/show_bug.cgi?id=910507

Bug ID: 910507
Summary: bouncycastle security provider not registered on pkg install, edits to java.security config file not persistent across version upgrades
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: x86-64
OS: openSUSE 13.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Java
Assignee: bnc-team-java@forge.provo.novell.com
Reporter: grantksupport@operamail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

on 13.2 I've installed jdk/jre both Sun & OpenJDK

    rpm -qa | grep -i jdk
    jdk1.8.0_25-1.8.0_25-fcs.x86_64
    java-1_8_0-openjdk-1.8.0.40~b12-52.1.x86_64
    java-1_8_0-openjdk-headless-1.8.0.40~b12-52.1.x86_64
    java-1_8_0-openjdk-devel-1.8.0.40~b12-52.1.x86_64
    java-1_8_0-openjdk-javadoc-1.8.0.40~b12-52.1.noarch

In order to get necessary, up-to-date cipher/algo support, I've installed

    rpm -qa | grep -i bouncy
    bouncycastle-1.46-13.1.3.noarch

Per the wiki at

    http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation

"...
Installing the Provider Statically

To install the provider statically you need to add it as an entry to the java.security file which can be found in $JAVA_HOME/jre/lib/security/java.security for the JRE/JDK you are using.

Look for a list of lines with security.provider.X where X is some number. At the bottom of the list add the line:

    security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider

where N is one more than the last number in the list.

It is possible to add the provider higher up in the list. If you do this we recommend you don't add it earlier than position 2 as there are occasionally internal dependencies on the provider at position 1 which may cause some operations by your JVM to result in errors.
..."

so, both of these need to be edited

    /usr/java/jdk1.8.0_25/jre/lib/security/java.security
    /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/lib/security/java.security

to ...
security.provider.1=sun.security.provider.Sun + security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider - security.provider.2=sun.security.rsa.SunRsaSign - security.provider.3=sun.security.ec.SunEC - security.provider.4=com.sun.net.ssl.internal.ssl.Provider - security.provider.5=com.sun.crypto.provider.SunJCE - security.provider.6=sun.security.jgss.SunProvider - security.provider.7=com.sun.security.sasl.Provider - security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI - security.provider.9=sun.security.smartcardio.SunPCSC + security.provider.3=sun.security.rsa.SunRsaSign + security.provider.4=sun.security.ec.SunEC + security.provider.5=com.sun.net.ssl.internal.ssl.Provider + security.provider.6=com.sun.crypto.provider.SunJCE + security.provider.7=sun.security.jgss.SunProvider + security.provider.8=com.sun.security.sasl.Provider + security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI + security.provider.10=sun.security.smartcardio.SunPCSC ... (1) shouldn't the install of the bouncy rpm make those changes? i understand that priority would need to be set -- perhaps in a /etc/sysconfig/bouncy ? then processed ... (2) making edits to those files ^^^ will not survive jdk/jre version upgrades. user/admin modifications to java security.provider settings should be persistent -- You are receiving this mail because: You are on the CC list for the bug.
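Review bot: the added security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider line forces a renumber of all eight entries below it, so each of them appears as a -/+ pair; appending it as security.provider.10, which the quoted wiki text allows ("where N is one more than the last number in the list"), would be a one-line change that is easier to reapply after an upgrade. Position 2 also places BouncyCastle ahead of SunRsaSign, SunEC and SunJCE in the provider preference order, so it is picked first for any algorithm both implement; if that is the intent, state it next to the change.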
http://bugzilla.opensuse.org/show_bug.cgi?id=910507
--- Comment #5 from Fridrich Strba
    rpm -qc java-1_8_0-openjdk-headless
    /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/lib/security/blacklisted.certs
    /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/lib/security/java.policy
    /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/lib/security/java.security
-- You are receiving this mail because: You are on the CC list for the bug.
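A check that the static registration described in this report is present in a given java.security file, for example after a JDK/JRE upgrade. This is an added example, not code from the bug report or from openSUSE; the function names and the sample input are made up here. It also flags a gap or duplicate in the numbering, because the JVM stops reading security.provider.N entries at the first missing N.

```shell
#!/bin/sh
# Added example: audit the security.provider.N list of a java.security file.
# Function names and the sample input are hypothetical, not from the report.

BC=org.bouncycastle.jce.provider.BouncyCastleProvider

# Print "N class" for every active (uncommented) security.provider.N entry,
# sorted by N. Reads file $1, or stdin when no file is given.
list_providers() {
    sed -n 's/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1 \2/p' ${1:+"$1"} | sort -n
}

# provider_position CLASS [FILE]
# Prints the position of CLASS and returns 0 when it is registered.
# Returns 1 when CLASS is not registered.
# Returns 2 when the numbering is not exactly 1,2,3,... (gap or duplicate):
# entries after a gap are never loaded, so the list must be fixed first.
provider_position() {
    list_providers ${2:+"$2"} | awk -v want="$1" '
        $1 != NR            { bad = 1 }
        $2 == want && !pos  { pos = $1 }
        END {
            if (bad)  exit 2
            if (!pos) exit 1
            print pos
        }'
}

# Constructed sample shaped like the edited list in the report (not a real file).
sample_edited() {
    cat <<'EOF'
# List of providers and their preference orders
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=sun.security.rsa.SunRsaSign
#security.provider.4=commented.out.Example
security.provider.4=sun.security.ec.SunEC
EOF
}

# Demo on the constructed sample; prints 2
sample_edited | provider_position "$BC"
```

To audit a real installation, pass the file as the second argument, e.g. provider_position "$BC" /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/lib/security/java.security, and treat a non-zero exit status as "registration missing or list broken".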
http://bugzilla.opensuse.org/show_bug.cgi?id=910507
--- Comment #6 from Tomáš Chvátal
http://bugzilla.opensuse.org/show_bug.cgi?id=910507
--- Comment #7 from grant k