Adding root CAs for GNU Java (gcj, appletviewer, etc.)

Adding root CAs for GNU Java (gcj, appletviewer, etc.)

Post by jayjw » Wed, 19 Sep 2007 05:01:07



I compiled a simple applet and placed it on my webserver. This server uses
mostly SSL for requests, with the signing certificate authority being my
own. To get tools like Firefox, curl, etc. to work with this, one only has
to add the root CA to the list of trusted authorities. There's usually a
menu (in FF) or a file (for curl) to allow this. What does
appletviewer/gappletviewer that comes with GCC (GCJ) use for this
functionality? I've hit the info files for gcj but may be missing what I
need to see.

With SUN's JDK, I believe they use keytool/keystore, and my .keystore file
contains the certificate I"m using. Using the SUN appletviewer works with
or without the .keystore file, in either case, while the GNU gappletviewer
complains about the unknown certificate:

appletviewer https://domain/applet_text.html

works.

While GNU Java complains

gappletviewer https://domain/applet_text.html

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: could
not verify peer certificate: C=US,ST=New York,O=Atr2 Research
Group,OU=SSL-Enabled Webserver,CN=domain,
1.2.840.113549.1.9.1=hostmaster@domain
at gnu.javax.net.ssl.provider.SSLSocket.doClientHandshake(libgcj.so.8)
at gnu.javax.net.ssl.provider.SSLSocket.startHandshake(libgcj.so.8) at
gnu.java.net.protocol.http.HTTPConnection.getSocket(libgcj.so.8) at
gnu.java.net.protocol.http.HTTPConnection.getOutputStream(libgcj.so.8)
at gnu.java.net.protocol.http.Request.dispatch(libgcj.so.8)
(...)


How to get GNU Java/GCJ (g)appletviewer (and probably other GNU Java
tools) to recognize new certificate authorities?

gcj --version
gcj (GCC) 4.2.1

gappletviewer --version
appletviewer (GNU Classpath) 0.92

SUN Java is:

java version "1.6.0_02"
Java(TM) SE Runtime Environment (build 1.6.0_02-b05)
Java HotSpot(TM) Client VM (build 1.6.0_02-b05, mixed mode, sharing)

--
[** America, the police state **]
Whoooose! What's that noise? Why, it's US citizen's
rights, going down the toilet with Bush flushing.
http://www.yqcomputer.com/
http://www.yqcomputer.com/