On Tue, 21 Dec 2021 21:39:23 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Before password-less PKCS12 keystores are supported, certificates in a 
>> PKCS12 file are always encrypted. Therefore if one loads the keystore with a 
>> null pass, it contains `PrivateKeyEntry`s without certificates. This has 
>> always been awkward (and most likely useless) so when JDK-8076190 introduced 
>> the password-less feature I also added a line to remove such an entry. 
>> 
>> https://github.com/openjdk/jdk/blob/a729a70c0119ed071ff490b0dfd4e3e2cb1a5ae4/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#L2272
>>  
>> 
>> Unfortunately, the line is not coded correctly; it should have been 
>> `remove(key)` but here it's `remove(value)`.
>> 
>> This code change correctly removes the entry.
>> 
>> That said, this behavior, although weird, has been there from the beginning 
>> since PKCS12 keystore was introduced. If you can find a usage of a 
>> private key entry without any certificate and think it's worth keeping that 
>> way, I can simply remove the `remove` call and leave the entry there.
>
> Weijun Wang has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   just ignore it

Marked as reviewed by mullan (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/6910
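
An added illustration, not code from the PR or from `PKCS12KeyStore.java`, of the mistake described in the quoted text: `Map.remove(Object)` accepts any object, so passing the value instead of the key compiles and silently removes nothing. The class, field and alias names are hypothetical and the data is constructed.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class RemoveByKeyDemo {
    // Hypothetical stand-in for a keystore entry: an alias plus an optional certificate chain.
    static final class KeyEntry {
        final String alias;
        final List<String> chain;   // empty when no certificate could be read
        KeyEntry(String alias, List<String> chain) { this.alias = alias; this.chain = chain; }
    }

    // Constructed sample data: one entry with a chain, one without.
    static Map<String, KeyEntry> sample() {
        Map<String, KeyEntry> m = new LinkedHashMap<>();
        m.put("server", new KeyEntry("server", List.of("CN=server")));
        m.put("orphan", new KeyEntry("orphan", List.of()));
        return m;
    }

    // The mistake: the value is passed where Map.remove(Object key) expects the key.
    static void pruneByValue(Map<String, KeyEntry> entries) {
        for (KeyEntry e : new ArrayList<>(entries.values())) {
            if (e.chain.isEmpty()) {
                entries.remove(e);   // compiles; no key equals e, so it returns null and removes nothing
            }
        }
    }

    // The intended behaviour: remove the chain-less entry by its alias (the map key).
    static void pruneByKey(Map<String, KeyEntry> entries) {
        for (KeyEntry e : new ArrayList<>(entries.values())) {
            if (e.chain.isEmpty()) {
                entries.remove(e.alias);
            }
        }
    }

    public static void main(String[] args) {
        Map<String, KeyEntry> a = sample();
        pruneByValue(a);
        System.out.println("remove(value): " + a.keySet());   // chain-less entry is still present
        Map<String, KeyEntry> b = sample();
        pruneByKey(b);
        System.out.println("remove(key):   " + b.keySet());   // chain-less entry is gone
    }
}
```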
