RFR: 8275252: Migrate cacerts from JKS to password-less PKCS12
Weijun Wang
weijun at openjdk.java.net
Thu Oct 14 19:53:50 UTC 2021
On Thu, 14 Oct 2021 13:36:19 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> The cacerts file is now a password-less PKCS12 file. This make sure old code that uses a JKS KeyStore object can continuously load it using a null password (in fact, any password) and see all certificates inside.
No, this PR is totally independent. Once a password-less pkcs12 file is generated, it can be read by any JDK since JDK 7u with a null password and the certs are visible. The other 2 tickets are all about storing, storing with a null password, storing with a default algorithm.
I've made JDK-8274913 public. It's just an idea and not proposed to any release.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5948
More information about the security-dev
mailing list