|
 |
4821c37 |
# HG changeset patch
|
|
|
4821c37 |
# User andrew
|
|
|
4821c37 |
# Date 1459487045 -3600
|
|
|
4821c37 |
# Fri Apr 01 06:04:05 2016 +0100
|
|
|
4821c37 |
# Node ID 3334efeacd8327a14b7d2f392f4546e3c29c594b
|
|
|
4821c37 |
# Parent 6b81fd2227d14226f2121f2d51b464536925686e
|
|
|
4821c37 |
PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
|
|
 |
2a3db76 |
PR3575: System cacerts database handling should not affect jssecacerts
|
|
|
4821c37 |
|
|
|
2a3db76 |
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
|
|
2a3db76 |
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
|
|
2a3db76 |
+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
|
|
2a3db76 |
@@ -72,7 +72,7 @@
|
|
|
2a3db76 |
* The preference of the default trusted KeyStore is:
|
|
|
2a3db76 |
* javax.net.ssl.trustStore
|
|
|
2a3db76 |
* jssecacerts
|
|
|
2a3db76 |
- * cacerts
|
|
|
2a3db76 |
+ * cacerts (system and local)
|
|
|
2a3db76 |
*/
|
|
|
2a3db76 |
private static final class TrustStoreDescriptor {
|
|
|
2a3db76 |
private static final String fileSep = File.separator;
|
|
|
2a3db76 |
@@ -83,6 +83,10 @@
|
|
|
2a3db76 |
defaultStorePath + fileSep + "cacerts";
|
|
|
2a3db76 |
private static final String jsseDefaultStore =
|
|
|
2a3db76 |
defaultStorePath + fileSep + "jssecacerts";
|
|
|
2a3db76 |
+ /* Check system cacerts DB: /etc/pki/java/cacerts */
|
|
|
2a3db76 |
+ private static final String systemStore =
|
|
|
2a3db76 |
+ fileSep + "etc" + fileSep + "pki" +
|
|
|
2a3db76 |
+ fileSep + "java" + fileSep + "cacerts";
|
|
|
4821c37 |
|
|
|
2a3db76 |
// the trust store name
|
|
|
2a3db76 |
private final String storeName;
|
|
|
2a3db76 |
@@ -146,7 +150,8 @@
|
|
|
2a3db76 |
long temporaryTime = 0L;
|
|
|
2a3db76 |
if (!"NONE".equals(storePropName)) {
|
|
|
2a3db76 |
String[] fileNames =
|
|
|
2a3db76 |
- new String[] {storePropName, defaultStore};
|
|
|
2a3db76 |
+ new String[] {storePropName,
|
|
|
2a3db76 |
+ systemStore, defaultStore};
|
|
|
2a3db76 |
for (String fileName : fileNames) {
|
|
|
2a3db76 |
File f = new File(fileName);
|
|
|
2a3db76 |
if (f.isFile() && f.canRead()) {
|
|
|
2a3db76 |
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
|
|
2a3db76 |
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
|
|
4821c37 |
+++ openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
|
|
2a3db76 |
@@ -108,9 +108,14 @@
|
|
|
4821c37 |
throws Exception
|
|
|
4821c37 |
{
|
|
|
4821c37 |
String sep = File.separator;
|
|
|
4821c37 |
- File file = new File(System.getProperty("java.home") + sep
|
|
|
4821c37 |
- + "lib" + sep + "security" + sep
|
|
|
4821c37 |
- + "cacerts");
|
|
|
4821c37 |
+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
|
|
|
4821c37 |
+ File file = new File(sep + "etc" + sep + "pki" + sep
|
|
|
4821c37 |
+ + "java" + sep + "cacerts");
|
|
|
4821c37 |
+ if (!file.exists()) {
|
|
|
4821c37 |
+ file = new File(System.getProperty("java.home") + sep
|
|
|
4821c37 |
+ + "lib" + sep + "security" + sep
|
|
|
4821c37 |
+ + "cacerts");
|
|
|
4821c37 |
+ }
|
|
|
4821c37 |
if (!file.exists()) {
|
|
|
4821c37 |
return null;
|
|
|
4821c37 |
}
|