On Mon, 6 Oct 2025 12:35:32 GMT, Sean Mullan <[email protected]> wrote:
>> This PR improves security warning when using JKS or JCEKS keystores.
>
> src/java.base/share/classes/java/security/KeyStore.java line 832:
>
>> 830: }
>> 831:
>> 832: private static void outdatedKeyStoreLog(String type) {
>
> I think it would be simpler to include this warning in the constructor of
> `sun.security.provider.JavaKeyStore`. Then you don't need to call this method.
Moved the warning to `engineLoad()` in `JceKeyStore` and `JavaKeyStore`,
instead of in their constructors. Otherwise, we may get false positive warnings
from KeyStore.getInstance() when it goes thru the list of providers to probe
for the right keystore.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27624#discussion_r2418709706
