Re: [Jessie-discuss] Paypal https failure

[Eric Wong]

Thanks for the pointers, Casey. The last option you mentioned seems
eazier to me. I will give it a try.
Eric

On Nov 28, 2007 2:34 AM, Casey Marshall <address@hidden> wrote:
> On Nov 27, 2007 9:17 AM, Eric Wong <address@hidden> wrote:
> > On Nov 28, 2007 1:02 AM, Casey Marshall <address@hidden> wrote:
> > > That may not do it; the code that's problematic here is in libgcj. You
> > > can, however, replace that code at run-time with another certificate
> > > parsing library (it uses a similar pluggable architecture).
> >
> > Can you give me some pointers?
> >
>
> Like I said, the certificate parser in GNU Classpath is one.
>
> Bouncycastle and OpenJDK both have X.509 certificate parsers;
> Bouncycastle is probably the easiest one to get working, though it
> will include a lot more than you need.
>
> > >
> > > I tried this with GCJ 4.2.1, and it works almost out of the box
> > > (Jessie and GNU Crypto are both included in that release). Grabbing
> > > the 'gnu/java/security/cert' package from GNU Classpath (or GCJ) is a
> > > place to start.
> >
> > Changing GCJ at this point in time can be a real nightmare - I will
> > have to check the rest of my work/ libraries to see if they are all
> > compatibe with it. By the way, we are even running on redhat 8!
> >
> > Do you mean that I can extract part of 'gnu/java/security/cert' as
> > parsing library?
> >
>
> Yes (er, actually, it's gnu/java/security/x509). You'll need to rename
> the package so it doesn't conflict with the gnu.java.security.x509
> package in GCJ.
>
> Your other option is to hack libgcj (the code in
> gnu/java/security/x509) to either handle or ignore the certificate
> attribute that's causing the problem.
>
> Hope this helps.
>