[8u] request for review: 8062552 Support keystore type detection for JKS and PKCS12 keystores
Vincent Ryan
vincent.x.ryan at oracle.com
Thu May 21 15:44:36 UTC 2015
Please review this enhancement to JDK 8u that addresses a compatibility risk for certain applications that access
keystores across JDK 8 and JDK 9 releases. The issue arises because the default keystore type is now PKCS12 in
JDK 9 but is JKS in earlier releases. The problem can occur when a keystore is created on JDK 9 using the default
keystore type but accessed on JDK 8 also using the default keystore type. This keystore type mismatch results in
an error.
The change introduces a keystore compatibility mode for JKS keystores where both JKS and PKCS12 file formats are
understood. Similar behaviour is already present in JDK 9 (JEP-229). The keystore.type.compat security property
controls whether the mode is enabled or not. By default it is enabled.
This enhancement enables at risk applications to continue to function across JDK 8 and JDK 9 without requiring any
application code changes.
Thanks.
Bug: https://bugs.openjdk.java.net/browse/JDK-8062552
Webrev: http://cr.openjdk.java.net/~vinnie/8062552/webrev.01/
More information about the security-dev
mailing list