RFR 8201290: keytool importcert fails with CertificateParsingException if unknown certificate algorithms should be imported
Sean Mullan
sean.mullan at oracle.com
Mon Aug 6 18:50:14 UTC 2018
On 8/6/18 11:14 AM, Weijun Wang wrote:
> That would be a real behavior change and I want to be safe.
I'm not seeing how this would be a behavior change if it is a new
option, can you add more details on that? If I specify -providerName,
intuitively I would expect it would be used, at least as the first one.
> -providername is now used by "keytool -importcert" to choose keystore implementations. I am not sure if someone already using -providername for this purpose might encounter any unexpected change.
How does that relate to -printcert?
--Sean
>
> We can rethink about this decision if there is a real world problem. Maybe a single -providername is inadequate for complicated scenarios.
>
> Thanks
> Max
>
>
>> On Aug 6, 2018, at 10:38 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>> Maybe, the specified provider should be honored firstly?
>>
>> Xuelei
>>
>> On 8/6/2018 1:53 AM, Weijun Wang wrote:
>>> Ping again.
>>> Also please take a review at the CSR at https://bugs.openjdk.java.net/browse/JDK-8208689.
>>> Thanks
>>> Max
>>>> On Aug 2, 2018, at 10:28 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>
>>>> Please take a review at
>>>>
>>>> http://cr.openjdk.java.net/~weijun/8201290/webrev.00/
>>>>
>>>> Please note I didn't use srcProviderName as suggested in the bug report. It was designed to be used by the "keytool -importkeystore" command only.
>>>>
>>>> Thanks
>>>> Max
>>>>
>
More information about the security-dev
mailing list