RFR: 8344924: Default CA certificates loaded despite request to use custom keystore
Alan Bateman
alanb at openjdk.org
Sat Dec 7 06:44:36 UTC 2024
On Fri, 6 Dec 2024 21:15:23 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
> A regression was introduced by [JDK-8338383](https://bugs.openjdk.org/browse/JDK-8338383). Remove the forced static eager initialization.
Would it be possible to create some follow-up issues to re-visit the class initialisers and the coarseness of locking in this area? As noted in the bug, the use of class locks is surprising.
Also I'm not sure about saying "regression". I assume the only negative impact of eager initialising AnchorCertificates is using using a custom implementation. In that case, default truststore is needlessly loaded, is that right?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22616#issuecomment-2524971845
More information about the security-dev
mailing list