Hi Xuelei,

Thanks for having a look at this.

On 2/5/20 3:00 PM, Xuelei Fan wrote:
> I may think it differently. If keyStoreType is PKCS11, then keyStore
> must be "NONE". It might be not necessary to allow default keyStore
> value for PKCS11 keyStoreType.

Why do you think that a non-set or empty keyStore system property won't work and we must enforce the "NONE" string value when keyStoreType is "PKCS11"?

It's confusing as a user interface that you set the keystore.type security property to "PKCS11" and then you must explicitly set "javax.net.ssl.keyStore=NONE" as a JVM parameter in each run because empty/non-set is not considered the same as none.

Looks to me that the original intention was to consider empty / non-set as equal to "NONE" because of the condition check here:

http://hg.openjdk.java.net/jdk/jdk/file/085463e75652/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java#l1010

Thanks,
Martin.-