RFR CSR for 8162628: Migrating cacerts keystore to password-less PKCS12 format
Michael Osipov
1983-01-06 at gmx.net
Sat Jun 1 11:17:31 UTC 2019
Am 2019-05-31 um 05:32 schrieb Weijun Wang:
> Please review the CSR at
>
> https://bugs.openjdk.java.net/browse/JDK-8224891
>
> (Oh, I hate the CSR having a different bug id.)
>
> Basically, with this change, the cacerts file can be loaded with
>
> KeyStore.getInstance("JKS" or "PKCS12").load(stream, null or anything) or
> KeyStore.getInstance(new File("cacerts"), null or anything)
>
> so hopefully all your old code should still work.
>
> I've also opened another RFE [1] that intends to find a different way to tag jdkCA entries in cacerts other than appending "[jdk]" to the alias.
Can you please explain why not simple PEM bundles like OpenSSL have been
chosen? This could have eased maintenance by factors, plus it is easy
greppable.
More information about the security-dev
mailing list