RFR 8238264: Exception thrown when setting javax.net.ssl.keyStoreType = PKCS11
Xuelei Fan
xuelei.fan at oracle.com
Wed Feb 5 19:10:22 UTC 2020
For the property, the default key store is none. We may not want to
introduce new compatibility risks by adding a new default value. If
an application wants to use a key store other than the default one, it is
required to set it.
Xuelei
On 2/5/2020 10:46 AM, Martin Balao wrote:
> Hi Xuelei,
>
> Thanks for having a look at this.
>
> On 2/5/20 3:00 PM, Xuelei Fan wrote:
>> I may think it differently. If keyStoreType is PKCS11, then keyStore
>> must be "NONE". It might not be necessary to allow default keyStore
>> value for PKCS11 keyStoreType.
>
> Why do you think that a non-set or empty keyStore system property won't
> work and we must enforce the "NONE" string value when keyStoreType is
> "PKCS11"? It's confusing as a user-interface that you set the
> keystore.type security property to "PKCS11" and then you must explicitly
> set "javax.net.ssl.keyStore=NONE" as JVM parameter in each run because
> empty/non-set is not considered the same as none. Looks to me that the
> original intention was to consider empty / non-set as equal to "NONE"
> because of the condition check here:
> http://hg.openjdk.java.net/jdk/jdk/file/085463e75652/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java#l1010
>
> Thanks,
> Martin.-
>