On Tue, 25 Jan 2022 14:38:32 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update to get denyAfter and init caks
>
> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1138:
>
>> 1136:
>> 1137: if (trustcacerts) {
>> 1138: caks = cakstore;
>
> I just realized there is a slight change in behavior in that
> `buildTrustedCerts` ignores exceptions, whereas
> `KeyStoreUtil.getCacertsKeyStore()` does not. An exception should be a very
> rare case, but I recommend changing line 1138 to:
>
>
> if (cakstore != null) {
> caks = cakstore;
> } else {
> // try to load cacerts again, and let exception propagate if it cannot be
> loaded
> caks = KeyStoreUtil.getCacertsKeyStore();
> }
Added the exception as recommended.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7039
