RFR: 8310003: Improve logging when default truststore is inaccessible
Sean Mullan
mullan at openjdk.org
Wed May 7 17:06:17 UTC 2025
On Wed, 7 May 2025 03:45:06 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
> If the truststore is unavailable, JDK does not log information for 'trustStore provider is:'. We are now adding 'unspecified' instead of keeping empty.
src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java line 133:
> 131: KeyStore.getDefaultType());
> 132: String storePropProvider = System.getProperty(
> 133: "javax.net.ssl.trustStoreProvider", "unspecified");
We only want "unspecified" to show up in the log message. This code will set the provider to "unspecified" (if not set) when later instantiating a `TrustManager`, which is not what we want to happen.
Only line 115 should probably be changed. You can do something like:
> "trustStore provider is: " + (storeProvider == null ? "unspecified" : storeProvider) + "\n" +
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25077#discussion_r2078088008
More information about the security-dev
mailing list