> > My point is that the default CAs can also change at any time, and > through means other than our own updates. > > Indeed, the openssl distribution has decided to remove the bundle of > defaults they currently distribute, so some update soon they'll all > disappear... > You are absolutely right - Now I think I understand :). Maybe the safe thing to do here is to simply add a page in sipXconfig where the admin can choose a CA file and import from there. In this way there is 100% control of what content is in sipXconfig's authortities.jks With regard to google needed authority - when this is not found a simply error message will be displayed - that will indicate the admin to first import needed CA
What do you think ? Mircea
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
