RFR: 8275252: Migrate cacerts from JKS to password-less PKCS12
Weijun Wang
weijun at openjdk.java.net
Thu Oct 14 20:06:49 UTC 2021
On Thu, 14 Oct 2021 13:36:19 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> The cacerts file is now a password-less PKCS12 file. This make sure old code that uses a JKS KeyStore object can continuously load it using a null password (in fact, any password) and see all certificates inside.
For password-less pksc12, JDK-8231107 is more relevant. JDK-8274913 still has MacData, which is quite useless for cacerts, and leaving a well-known password there is awkward.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5948
More information about the security-dev
mailing list