-
Bug
-
Resolution: Fixed
-
P3
-
24
-
b02
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8345952 | 24 | Kevin Driver | P3 | Resolved | Fixed | b28 |
After the changes introduced in JDK-8338383 to X509TrustManagerImpl, the Java runtime forces the loading of the default CA certificates, even if the intention is to load a custom keystore.
The sample code below demonstrates this behavior
// Load the custom truststore
FileInputStream fis = new FileInputStream("CustomKeyStore");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(fis, "testpass".toCharArray());
// Initialize the TrustManagerFactory with the custom keystore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
The sample code below demonstrates this behavior
// Load the custom truststore
FileInputStream fis = new FileInputStream("CustomKeyStore");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(fis, "testpass".toCharArray());
// Initialize the TrustManagerFactory with the custom keystore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
- backported by
-
JDK-8345952 Default CA certificates loaded despite request to use custom keystore
-
- Resolved
-
- relates to
-
JDK-8345954 Revisit Class Initializers and Locking in X509TrustManagerImpl
-
- Open
-
-
-
- Resolved
-
- links to
-
Commit(jdk24)
openjdk/jdk/4ecb28cc
-
Commit(master)
openjdk/jdk/4c39e9fa
-
Review(jdk24)
openjdk/jdk/22672
-
Review(master)
openjdk/jdk/22616
(2 links to)