RFR CSR for 8162628: Migrating cacerts keystore to password-less PKCS12 format

Langer, Christoph christoph.langer at sap.com
Fri May 31 08:27:35 UTC 2019


Hi Max,

I've already made some updates to the wording in the CSR.

In the specification section, it should probably also not mention the source location src/java.base/share/lib/security/cacerts as it is about to be eliminated by JDK-8193255. It should rather refer to <JDK>/lib/security/cacerts, I think.

Best regards
Christoph

> -----Original Message-----
> From: security-dev <security-dev-bounces at openjdk.java.net> On Behalf Of
> Weijun Wang
> Sent: Freitag, 31. Mai 2019 05:33
> To: security-dev at openjdk.java.net
> Subject: RFR CSR for 8162628: Migrating cacerts keystore to password-less
> PKCS12 format
> 
> Please review the CSR at
> 
>    https://bugs.openjdk.java.net/browse/JDK-8224891
> 
> (Oh, I hate the CSR having a different bug id.)
> 
> Basically, with this change, the cacerts file can be loaded with
> 
>    KeyStore.getInstance("JKS" or "PKCS12").load(stream, null or anything) or
>    KeyStore.getInstance(new File("cacerts"), null or anything)
> 
> so hopefully all your old code should still work.
> 
> I've also opened another RFE [1] that intends to find a different way to tag
> jdkCA entries in cacerts other than appending "[jdk]" to the alias.
> 
> Thanks,
> Max
> 
> [1] https://bugs.openjdk.java.net/browse/JDK-8225099



More information about the security-dev mailing list