[8u] RFR: 8076190: Customizing the generation of a PKCS12 keystore
Alexey Bakhtin
alexey at azul.com
Thu Feb 3 20:29:11 UTC 2022
Hi Martin,
Right now the password-less PKCS12 keystore feature is not critical for us. So, the fixes for the 8245169 would be OK for now.
Thank you for discussion. I will prepare the patch for the JDK-8245169 and send it for review
Thank you
Alexey
> On 3 Feb 2022, at 20:16, Martin Balao <mbalao at redhat.com> wrote:
>
> Hi Alexey,
>
> On Thu, Feb 3, 2022 at 10:38 AM Alexey Bakhtin <alexey at azul.com <mailto:alexey at azul.com>> wrote:
> Yes, according to my investigations Oracle implemented password-less feature as part of JDK-8076190
> So, we have behaviour difference between Oracle and OpenJDK implementation now.
> I think the parity with Oracle is a good reason to backport all features of JDK-8076190 (not PBES2Parameters.java only)
>
> While we agree that Oracle parity is one of the inputs that we take into account when making these backports decisions, it shouldn't be the only one in my view. To put that into context, 8u is now an old release where more stability/backward-compatibility is expected and patches tend to divert more as we move forward. This particular case is an example of that. I asked about other reasons because we can weigh risk with, for example, a common use case and multiple users affected.
>
> Let me ask you 2 questions:
>
> 1) Would backporting only the parts related to 8245169 be a good compromise solution for you?
>
> 2) If not, are you willing to redesign the backport so it does not break compatibility in scenarios where SunJCE is disabled? I've not put thinking into alternatives but I'm open to review whatever you come up with.
>
> Thanks,
> Martin.-
>
More information about the jdk8u-dev
mailing list