For the property, the default key store is none. We may not want to
introduce new compatibility risks by adding a new default value. If
an application wants to use a key store other than the default one, it is
required to set it.
Xuelei
On 2/5/2020 10:46 AM, Martin Balao wrote:
Hi Xuelei,
Thanks for having a look at this.
On 2/5/20 3:00 PM, Xuelei Fan wrote:
I may think it differently. If keyStoreType is PKCS11, then keyStore
must be "NONE". It might not be necessary to allow a default keyStore
value for PKCS11 keyStoreType.
Why do you think that a non-set or empty keyStore system property won't
work and we must enforce the "NONE" string value when keyStoreType is
"PKCS11"? It's confusing as a user-interface that you set the
keystore.type security property to "PKCS11" and then you must explicitly
set "javax.net.ssl.keyStore=NONE" as JVM parameter in each run because
empty/non-set is not considered the same as none. Looks to me that the
original intention was to consider empty / non-set as equal to "NONE"
because of the condition check here:
http://hg.openjdk.java.net/jdk/jdk/file/085463e75652/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java#l1010
Thanks,
Martin.-