Yes, I meant \0. Will fix it.
Thanks Max > On Apr 28, 2018, at 1:10 AM, Bernd Eckenfels <e...@zusammenkunft.net> wrote: > > Hello, > > Is the following comment correct, it looks like it should read „with NUL > terminator“ instead? > > // without a NULL terminator > > Greetings > Bernd > > Gruss > Bernd > -- > http://bernd.eckenfels.net > From: security-dev <security-dev-boun...@openjdk.java.net> on behalf of > Weijun Wang <weijun.w...@oracle.com> > Sent: Friday, April 27, 2018 6:56:03 PM > To: security-dev@openjdk.java.net > Subject: RFR 8202299: Java Keystore fails to load PKCS12/PFX certificates > created in WindowsServer2016 > > Please take a look at > > http://cr.openjdk.java.net/~weijun/8202299/webrev.00/ > > Turns out we have to retry [0] other than [] in all 3 locations: decrypting > keys, decrypting certs, and verifying the mac. > > Thanks > Max > > p.s. You might wonder why suddenly in Windows Server 2016, Microsoft starts > using [0] to generate the Mac. In fact, they have been doing this all the > time. However, before 2016, they also encrypted the certificates, and to > decrypt them, Java has already changed password from [] to [0]. > > p.p.s. But is this correct? Should the certificate decryption code only > temporarily retries [0] but not changing password itself? Well, maybe. But > unless a weird software sometimes uses [] and sometimes [0], this will not be > a problem, and changing password itself saves us some cycles from always > trying twice.
