RFR: 8272875: Change the default key manager to PKIX [v2]
Artur Barashev
abarashev at openjdk.org
Tue Apr 29 21:02:49 UTC 2025
On Tue, 29 Apr 2025 18:51:58 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Skip explicit KeyPair initialization and let the provider default set it
>
> test/jdk/sun/security/tools/keytool/PrintSSL.java line 57:
>
>> 55: + "-keystore keystore -storepass passphrase "
>> 56: + "-keypass passphrase -keyalg rsa -keysize 1024 "
>> 57: + "-sigalg MD5withRSA -alias rsa_alias -dname CN=Server");
>
> I think it would be better to use the current weak algorithms (as the comment on line 53 notes) and set the server's keymanager to SunX509 (with the `javax.net.ssl.keyStoreType` system prop) as it seems the purpose of this test is to ensure `keytool -printcert -sslserver` can deal with weak algorithms in certs.
Indeed, good catch!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24756#discussion_r2067424166