Skip to content

Commit

Permalink
use hardcoded jks type for loading cacerts
Browse files Browse the repository at this point in the history
it seems with jdk9 KeyStore.getDefaultType() did change

fixes #79
mkristian committed Dec 30, 2015
1 parent e445599 commit bb8d074
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
Original file line number Diff line number Diff line change
@@ -356,8 +356,10 @@ public int loadDefaultJavaCACertsFile(String certsFile) throws IOException, Gene
final FileInputStream fin = new FileInputStream(certsFile);
int count = 0;
try {
KeyStore keystore = SecurityHelper.getKeyStore(KeyStore.getDefaultType());
// we pass a null password, as the cacerts file isn't password protected
// hardcode the keystore type, as we expcet cacerts to be a java
// keystore - especially needed for jdk9
KeyStore keystore = SecurityHelper.getKeyStore("jks");
// we pass a null password, as the cacerts file isn't password protected
keystore.load(fin, null);
PKIXParameters params = new PKIXParameters(keystore);
for ( TrustAnchor trustAnchor : params.getTrustAnchors() ) {

3 comments on commit bb8d074

@kares
Copy link
Member

@kares kares commented on bb8d074 Dec 31, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did you notice what KeyStore.getDefaultType() returns under J9 (maybe its a bug) ?

@mkristian
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jdk9 does return "pkcs12" - I am using the on jdk9 from oracle and it produces the same error as the one from openjdk.

can not say if this is a bug and a change of the default type.

once they change the format of cacerts file, then we have another problem ;)

Sorry, something went wrong.

@kares
Copy link
Member

@kares kares commented on bb8d074 Dec 31, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

heh nice ☕ indeed, thanks!

Sorry, something went wrong.

Please sign in to comment.