RFR: 8275252: Migrate cacerts from JKS to password-less PKCS12
Weijun Wang
weijun at openjdk.java.net
Thu Oct 14 19:26:47 UTC 2021
On Thu, 14 Oct 2021 19:07:55 GMT, Michael Osipov <duke at openjdk.java.net> wrote:
> Generating this trust store with Java code like I do?
What do you mean "like you do"? If you accept the proposed format in this PR, then just follow what `GenerateCACerts.java` is doing and how it's called. If you are thinking about reading the openssl trust store, that's not what this PR is for. This PR intends to find a modern format that is 100% interoperable with older JDK releases.
As for the other two tickets, they are related. If JDK-8231107 is resolved, then there's no need to set the 2 system properties. JDK-8194702 is not fixable because the certificates are already encrypted. Instead, https://bugs.openjdk.java.net/browse/JDK-8274913 was proposed, but only newly generated keystores after it will get the benefit.
Still, this PR does not depend on the other two tickets. This PR is about one single keystore -- cacerts -- which can be treated special.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5948
More information about the build-dev
mailing list