RFR: 8275252: Migrate cacerts from JKS to password-less PKCS12

Weijun Wang weijun at openjdk.java.net
Thu Oct 14 19:53:50 UTC 2021

On Thu, 14 Oct 2021 13:36:19 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> The cacerts file is now a password-less PKCS12 file. This makes sure old code that uses a JKS KeyStore object can continuously load it using a null password (in fact, any password) and see all certificates inside.

No, this PR is totally independent. Once a password-less pkcs12 file is generated, it can be read by any JDK since JDK 7u with a null password and the certs are visible. The other 2 tickets are all about storing, storing with a null password, storing with a default algorithm.

I've made JDK-8274913 public. It's just an idea and not proposed to any release.


PR: https://git.openjdk.java.net/jdk/pull/5948
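
An added example, not part of the original message or of the OpenJDK change: a check that the running JDK's cacerts exposes the same trust anchors through both a JKS and a PKCS12 KeyStore object when loaded with a null password. The class name and helper are hypothetical; it assumes the standard `lib/security/cacerts` location, the default `keystore.type.compat` setting, and Java 9 or later for the format probe.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

public class CacertsNullPassword {
    // Load the file through the requested KeyStore type with a null password
    // and return how many trusted-certificate entries are visible.
    static int countTrustedCerts(File file, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            // With a null password, KeyStore.load performs no integrity check.
            ks.load(in, null);
        }
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                n++;
            }
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: standard cacerts location of the running JDK.
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");

        int viaJks = countTrustedCerts(cacerts, "JKS");
        int viaP12 = countTrustedCerts(cacerts, "PKCS12");
        System.out.println("JKS object:    " + viaJks + " trusted certs");
        System.out.println("PKCS12 object: " + viaP12 + " trusted certs");

        // KeyStore.getInstance(File, char[]) (Java 9+) probes the on-disk format.
        KeyStore probed = KeyStore.getInstance(cacerts, (char[]) null);
        System.out.println("On-disk format: " + probed.getType());

        // Fail loudly if either view hides trust anchors from the caller.
        if (viaJks == 0 || viaJks != viaP12) {
            throw new IllegalStateException("trust anchors not fully visible");
        }
    }
}
```

Because nothing is verified at load time when the password is null, the integrity of cacerts rests on file-system permissions and on how the JDK itself was obtained.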
