[Bug 546843] New: gkeytool lack a support for ECC certificates
http://bugzilla.novell.com/show_bug.cgi?id=546843 User mvyskocil@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=546843#c546468 Summary: gkeytool lack a support for ECC certificates Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem AssignedTo: matz@novell.com ReportedBy: mvyskocil@novell.com QAContact: qa@suse.de Found By: Development gkeytool fails on read ECC certificate - this is also in openjdk, but the fix adds a support for Elliptic Curve Cryptography already exists in upstream, but I did not find similar for gcc java. I read a commit log, asked on #openjdk@irc.oftc.net, where many openjdk and gcj developers are, but noone answered me yet. see bnc#546468 for details about openjdk The java-1_5_0-gcj-compat fails on keystore creation: + for key in '/etc/ssl/certs/*.pem' + yes ++ basename /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem + gkeytool-4.4 -import -keystore cacerts -file /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem -storepass '' -alias COMODO_ECC_Certification_Authority.pem keytool error: java.security.cert.CertificateException error: Bad exit status from /var/tmp/rpm-tmp.cYvDZ9 (%prep) I'm going to workaround it in java-1_5_0-gcj-compat by skipping those certificates during keystore creation, to provide a fix immediately to make OpenOffice.org build immediately. But it'd be nice to have gcj with ECC support enabled. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=546843 User mvyskocil@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=546843#c1 --- Comment #1 from Michal Vyskocil <mvyskocil@novell.com> 2009-10-14 06:39:42 MDT --- JFI: the answer from Mark Wielaard [14:35] <mjw> mvyskocil, then the answer currently is sadly no, since gkeytool doesn't use nss, and doesn't have another ecc implementation. So I submit a workaround in java-1_5_0-gcj-compat as a hotfix. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=546843 User matz@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=546843#c2 Michael Matz <matz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #2 from Michael Matz <matz@novell.com> 2009-10-14 12:16:02 MDT --- Yep, you need to filter out that certificate. gnu.crypto doesn't implement ECC and there's no support to use e.g. nss. I'm not sure if ECC will ever be implemented upstream, it's not terribly active. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=546843 http://bugzilla.novell.com/show_bug.cgi?id=546843#c3 --- Comment #3 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (546843) was mentioned in https://build.opensuse.org/request/show/22394 Factory / java-1_5_0-gcj-compat https://build.opensuse.org/request/show/35339 Factory / java-1_5_0-gcj-compat -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=546843 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |ibs:running:2941:moderate -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com