use hardcoded jks type for loading cacerts

it seems with jdk9 KeyStore.getDefaultType() did change fixes #79
jruby · Dec 30, 2015 · bb8d074 · bb8d074 · kares · Dec 31, 2015
1 parent e445599
commit bb8d074
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java b/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
@@ -356,8 +356,10 @@ public int loadDefaultJavaCACertsFile(String certsFile) throws IOException, Gene
         final FileInputStream fin = new FileInputStream(certsFile);
         int count = 0;
         try {
-            KeyStore keystore = SecurityHelper.getKeyStore(KeyStore.getDefaultType());
-            // we pass a null password, as the cacerts file isn't password protected
+	    // hardcode the keystore type, as we expcet cacerts to be a java
+	    // keystore - especially needed for jdk9
+            KeyStore keystore = SecurityHelper.getKeyStore("jks");
+	    // we pass a null password, as the cacerts file isn't password protected
             keystore.load(fin, null);
             PKIXParameters params = new PKIXParameters(keystore);
             for ( TrustAnchor trustAnchor : params.getTrustAnchors() ) {