RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v2]
Sean Mullan
mullan at openjdk.java.net
Mon Jan 24 16:03:13 UTC 2022
On Fri, 21 Jan 2022 03:27:44 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1129:
>>
>>> 1127: }
>>> 1128:
>>> 1129: buildTrustedCerts();
>>
>> Can we reuse the keystore loaded by `buildTrustedCerts()` instead of reloading it again on line 1138?
>
> No change. This is because `caks` global variable can only be initialized with cacerts keystore when the `trustcacerts` option is specified; otherwise if has to be kept null. `buildTrustedCerts`() is always executed.
I was thinking `buildTrustedCerts` could return the cacerts `KeyStore`, and you could assign that instead to `caks` if `trustcacerts` is true.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7039
More information about the security-dev
mailing list