Am 2019-05-31 um 05:32 schrieb Weijun Wang:
Please review the CSR athttps://bugs.openjdk.java.net/browse/JDK-8224891 (Oh, I hate the CSR having a different bug id.) Basically, with this change, the cacerts file can be loaded with KeyStore.getInstance("JKS" or "PKCS12").load(stream, null or anything) or KeyStore.getInstance(new File("cacerts"), null or anything) so hopefully all your old code should still work. I've also opened another RFE [1] that intends to find a different way to tag jdkCA entries in cacerts other than appending "[jdk]" to the alias.
Can you please explain why not simple PEM bundles like OpenSSL have been chosen? This could have eased maintenance by factors, plus it is easy greppable.
