#18879 closed enhancement (worksforme)
[Patch] Allow to opt-out from JOSM's certificate amendment
| Reported by: | simon04 | Owned by: | simon04 |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Core | Version: | |
| Keywords: | tls certificates yourkit | Cc: |
Description
Attachments (1)
Change History (8)
by , 4 years ago
| Attachment: | 18879.patch added |
|---|
follow-up: 4 comment:3 by , 4 years ago
Reduced initialization time, reduced memory consumption, reduced complexity (for users not needed the supplementary certificates), reduced attack surface (for suspicious users).
comment:4 by , 4 years ago
Replying to simon04:
Reduced initialization time, reduced memory consumption
Small compared to immense amount of stuff we do
reduced complexity (for users not needed the supplementary certificates)
An opt-out icreased the complexity - it does not reduce it.
, reduced attack surface (for suspicious users).
We don't decide about certs ourself. We only override the slowness of the Java world to follow the rest of the world.
If I weight the minimal advantages against the disadvantages we will have to deal with when users fail to load perfectly valid imagery I don't see much benefit in this.
comment:5 by , 4 years ago
It is already possible if you run JOSM with --offline=certificates. What do you want more?
comment:6 by , 4 years ago
| Milestone: | 20.03 |
|---|---|
| Resolution: | → worksforme |
| Status: | assigned → closed |
And we have also this property since r9995:
/** * Add missing root certificates to the list of trusted certificates for TLS connections. * @throws IOException if an I/O error occurs * @throws GeneralSecurityException if a security error occurs */ public static void addMissingCertificates() throws IOException, GeneralSecurityException { if (!Config.getPref().getBoolean("tls.add-missing-certificates", true)) return;
comment:7 by , 4 years ago
I'm stupid, it was just in front of my eyes, but I overlooked it. Thanks for the clarification, Vincent!
Previously on the heap: