8168861: AnchorCertificates uses hardcoded password for cacerts keystore
Reviewed-by: vinnie, mullan
--- a/jdk/src/java.base/share/classes/sun/security/util/AnchorCertificates.java Tue Nov 08 16:18:41 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/util/AnchorCertificates.java Mon Nov 14 10:13:38 2016 -0800
@@ -58,7 +58,7 @@
try {
cacerts = KeyStore.getInstance("JKS");
try (FileInputStream fis = new FileInputStream(f)) {
- cacerts.load(fis, "changeit".toCharArray());
+ cacerts.load(fis, null);
certs = new HashSet<>();
Enumeration<String> list = cacerts.aliases();
String alias;