[josm-dev] HTTPS changes on osm.org
phaaurlt at gmail.com
Mon Feb 23 01:43:26 UTC 2015
On 23.02.2015 01:51, Vincent Privat wrote:
> I'd prefer not, regarding what happened the last time I played with this
> Besides, it only works for Windows.
It's different in this case, as we don't need to make a web browser like
Firefox accept a certain certificate. The problem is Java-only, so it
should be more or less platform independent.
To add a certificate to Java you would normally use the keytool program
to modify the file $JAVA_HOME/lib/security/cacerts.
This requires root privileges, so it is out of the question for JOSM.
Alternatively one could hook into the SSL verification process by
setting a custom implementation of the TrustManager class. This
class would have special handling code for a certain certificate and
otherwise pass the verification to the standard handler.
This is a hack and circumvents the normal Java mechanisms. You have to
be very careful not to introduce bugs and security problems.
I think it is not really worth it and we should switch to plain http for
openstreetmap.org domains, if the StartSSL certificate isn't replaced.
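
The delegating TrustManager described in the message above, as an added example (not part of the original post and not JOSM's code): it trusts the JRE's cacerts and, only when that check fails, validates the chain against one extra CA held in an in-memory KeyStore. The class name `ExtraCaTrustManager`, the alias `extra-ca` and the PEM input stream are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.stream.Stream;
import javax.net.ssl.*;

/** Trusts the JRE's cacerts plus one extra CA; a chain that neither validates is rejected. */
public final class ExtraCaTrustManager implements X509TrustManager {
    private final X509TrustManager jreDefault;
    private final X509TrustManager extra;

    public ExtraCaTrustManager(InputStream extraCaPem) throws Exception {
        jreDefault = fromKeyStore(null); // null selects the JRE's own trust store
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(extraCaPem);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store, cacerts on disk is not modified
        ks.setCertificateEntry("extra-ca", ca); // hypothetical alias
        extra = fromKeyStore(ks);
    }

    private static X509TrustManager fromKeyStore(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            jreDefault.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            extra.checkServerTrusted(chain, authType); // full path validation; rethrows if this fails too
        }
    }

    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        jreDefault.checkClientTrusted(chain, authType); // the extra CA is for server certificates only
    }

    @Override public X509Certificate[] getAcceptedIssuers() {
        return Stream.concat(Stream.of(jreDefault.getAcceptedIssuers()), Stream.of(extra.getAcceptedIssuers()))
                .toArray(X509Certificate[]::new);
    }

    /** SSLContext whose only trust decision is this manager; hostname checks stay with the HTTPS client. */
    public SSLContext toSslContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {this}, null);
        return ctx;
    }
}
```

Setting the resulting socket factory on individual `HttpsURLConnection` objects, rather than as the process-wide default, limits the extra CA to the connections that need it.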