On Tue, 2009-11-17 at 23:51 +0200, Mircea Mihai Carasel wrote: > > > On Tue, Nov 17, 2009 at 6:30 PM, Scott Lawrence > <[email protected]> wrote: > On Tue, 2009-11-17 at 18:03 +0200, Mircea Mihai Carasel wrote: > > > > > > > > How about we pre-install some root CAs in > > etc/sipxpbx/ssl/authorities - the > > rest will just happen automagically... > > > > Ant tool has support to execute a Java program from within > an Ant > > task: > > > > http://ant.apache.org/manual/CoreTasks/java.html > > > > So we can execute an ant task in sipXconfig pre-install > phase (maybe > > when ant 'install' task is executed) that will > > execute a java program. This java program will copy JDK > specific > > truststores from cacerts into our sipXconfig authorities.jks > file > > > > What do you think about this solution? > > > It's not good enough to make changes at install time. The CA > certificates can change at any time.
> My intention was to put only the *default* CAs (from JDK cacerts) at > install time. There is no problem to reuse this mechanism anytime > other such changes are wanted/needed. > Is this OK ? My point is that the default CAs can also change at any time, and through means other than our own updates. Indeed, the openssl distribution has decided to remove the bundle of defaults they currently distribute, so some update soon they'll all disappear... _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
