Hello,

Is the following comment correct, it looks like it should read „with NUL 
terminator“ instead?

// without a NULL terminator

Greetings
Bernd

Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
From: security-dev <security-dev-boun...@openjdk.java.net> on behalf of Weijun 
Wang <weijun.w...@oracle.com>
Sent: Friday, April 27, 2018 6:56:03 PM
To: security-dev@openjdk.java.net
Subject: RFR 8202299: Java Keystore fails to load PKCS12/PFX certificates 
created in WindowsServer2016

Please take a look at

   http://cr.openjdk.java.net/~weijun/8202299/webrev.00/

Turns out we have to retry [0] other than [] in all 3 locations: decrypting 
keys, decrypting certs, and verifying the mac.

Thanks
Max

p.s. You might wonder why suddenly in Windows Server 2016, Microsoft starts 
using [0] to generate the Mac. In fact, they have been doing this all the time. 
However, before 2016, they also encrypted the certificates, and to decrypt 
them, Java has already changed password from [] to [0].

p.p.s. But is this correct? Should the certificate decryption code only 
temporarily retries [0] but not changing password itself? Well, maybe. But 
unless a weird software sometimes uses [] and sometimes [0], this will not be a 
problem, and changing password itself saves us some cycles from always trying 
twice.

Reply via email to