On 2/5/2020 1:11 PM, Martin Balao wrote:
On 2/5/20 4:10 PM, Xuelei Fan wrote:
For the property, the default key store is none.
If "javax.net.ssl.keyStore" system property is not set, the default
"keyStore" value is an empty string (not "NONE").
Yes, it is empty, no value, not the "NONE" string.
We may not want to
introduce new compatibility risks by adding a new default value.
I don't intend to change the default value. The default will continue to
be an empty string. All I want is to fix the ambiguity between empty
string and string "NONE" when checking the condition.
But with the patch, the value is indeed changed from none (empty) to
"NONE" in logic. You would also need to change other code if yo really
want it (have the property value return "NONE", check other code to make
sure "NONE" is used when it is "empty", documentation the special value,
etc). I don't think we want to the unnecessary conflicts and complex,
for limited benefits.
I'm fine if you want to update documentation to make it clear that one
need to set the keyStore to "NONE" for PKCS11.
Regards,
Xuelei
If
application want to use key store other than the default one, it is
required to set it.
Yes, sure. I'm not discussing this.
Thanks,
Martin.-
