RFR: 8353749: Improve security warning when using JKS or JCEKS keystores
Hai-May Chao
hchao at openjdk.org
Fri Oct 10 07:08:03 UTC 2025
On Mon, 6 Oct 2025 12:35:32 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> This PR improves security warning when using JKS or JCEKS keystores.
>
> src/java.base/share/classes/java/security/KeyStore.java line 832:
>
>> 830: }
>> 831:
>> 832: private static void outdatedKeyStoreLog(String type) {
>
> I think it would be simpler to include this warning in the constructor of `sun.security.provider.JavaKeyStore`. Then you don't need to call this method.
Moved the warning to `engineLoad()` in `JceKeyStore` and `JavaKeyStore`, instead of in their constructors. Otherwise, we may get false positive warnings from KeyStore.getInstance() when it goes thru the list of providers to probe for the right keystore.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27624#discussion_r2418709706
More information about the security-dev
mailing list