# HG changeset patch # User andrew # Date 1525111445 -3600 # Mon Apr 30 19:04:05 2018 +0100 # Node ID 388fc8da23044317c160678ffa8ff541c216a255 # Parent 556adf3a76aa81bf3918d7d46554dae7cc1d5c5c PR3575: System cacerts database handling should not affect jssecacerts diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java --- openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java +++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java @@ -162,7 +162,7 @@ * Try: * javax.net.ssl.trustStore (if this variable exists, stop) * jssecacerts - * cacerts + * cacerts (system and local) * * If none exists, we use an empty keystore. */ @@ -174,14 +174,14 @@ storeFile = new File(storeFileName); fis = getFileInputStream(storeFile); } else { - /* Check system cacerts DB first; /etc/pki/java/cacerts */ - storeFile = new File(sep + "etc" + sep + "pki" + sep - + "java" + sep + "cacerts"); + String javaHome = props.get("javaHome"); + storeFile = new File(javaHome + sep + "lib" + sep + + "security" + sep + + "jssecacerts"); if ((fis = getFileInputStream(storeFile)) == null) { - String javaHome = props.get("javaHome"); - storeFile = new File(javaHome + sep + "lib" + sep - + "security" + sep + - "jssecacerts"); + /* Check system cacerts DB first; /etc/pki/java/cacerts */ + storeFile = new File(sep + "etc" + sep + "pki" + sep + + "java" + sep + "cacerts"); if ((fis = getFileInputStream(storeFile)) == null) { storeFile = new File(javaHome + sep + "lib" + sep + "security" + sep +