RFR CSR for 8162628: Migrating cacerts keystore to password-less PKCS12 format
Weijun Wang
weijun.wang at oracle.com
Fri May 31 03:32:49 UTC 2019
Please review the CSR at
https://bugs.openjdk.java.net/browse/JDK-8224891
(Oh, I hate the CSR having a different bug id.)
Basically, with this change, the cacerts file can be loaded with
KeyStore.getInstance("JKS" or "PKCS12").load(stream, null or anything) or
KeyStore.getInstance(new File("cacerts"), null or anything)
so hopefully all your old code should still work.
I've also opened another RFE [1] that intends to find a different way to tag jdkCA entries in cacerts other than appending "[jdk]" to the alias.
Thanks,
Max
[1] https://bugs.openjdk.java.net/browse/JDK-8225099
More information about the security-dev
mailing list