On Wed, 27 Apr 2022 19:33:10 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 487:
>> 
>>> 485:             // Check if private key available - client authentication 
>>> certificate
>>> 486:             // must have private key available.
>>> 487:             HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv = NULL;
>> 
>> It is not quite clear from the CSR, was this a bug (previous JDK-8026953 
>> incomplete) or is that only a type cleanup and using ncrypt keys worked 
>> before? (In that Case does it need to be mentioned in csr?)
>
> Same question. Does a new type name automagically add support for CNG?

Correct, it does enable access to certificates and keys that require next 
(second) generation, that were previously inaccessible.  I've just realized the 
implication of this on existing applications and so I'm going to pause and run 
some test, especially around enumeration

-------------

PR: https://git.openjdk.java.net/jdk/pull/8211

Reply via email to