'Code Review Request JDK-8129988 JSSE should create a single instance of the cacerts KeyStore'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-security-dev
Subject:    Code Review Request JDK-8129988 JSSE should create a single instance of the cacerts KeyStore
From:       Xuelei Fan <xuelei.fan () oracle ! com>
Date:       2016-11-27 0:46:36
Message-ID: a2f44f85-9c9b-be79-f27d-c1012fc1fa05 () oracle ! com
[Download RAW message or body]

Hi,

Please review the performance enhancement update:

    http://cr.openjdk.java.net/~xuelei/8129988/webrev.00/

In SunJSSE provider, there are two ways to use the default trust store 
(lib/security/cacerts), using the default SSLContext instance or using 
the default trust manager.

The default SSLContext holds a strong reference to a collection of 
trusted certificates in cacerts in static mode.  The default trust 
manager reads the cacerts file and creates a KeyStore and parses the 
certificates each time.

With the growth of cacerts, the loading and cache of trusted certificate 
is not performance friendly.

In this fix, I'm trying to find a balance between CPU and memory: reuse 
the loaded trusted certificates if possible and release the unused 
trusted certificates if necessary.

Thanks,
Xuelei

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic