[jdk11u] RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v2]
Matthias Baesken
mbaesken at openjdk.org
Mon Jun 12 10:49:53 UTC 2023
On Thu, 8 Jun 2023 06:55:34 GMT, Christoph Langer <clanger at openjdk.org> wrote:
>> Hi all,
>>
>> This pull request contains a backport of [JDK-8303465](https://bugs.openjdk.org/browse/JDK-8303465), commit [ac41c030](https://github.com/openjdk/jdk/commit/ac41c030030c3d31815474c793ac9c420c47e22c) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository.
>>
>> This is an improvement for the handling of certificates from the MacOSX keychain which regressed since the April 2022 CPU update (11.0.15) and does not show all appropriate certificates that it should do. The fix was just recently submitted in head and came too late for the regular dev cycle for 11.0.20. However, I would ask to include it now in rampdown, since we have an open customer issue that it would solve. Since our customer is consuming the JDK via Eclipse/Adoptium, it would also not suffice to cherry-pick it into the SapMachine build only, so that's why my request is to take it into 11.0.20.
>>
>> The backport applied nearly clean, I only had to adapt some Java code due to lacking instanceof features in 11.
>>
>> It involves a CSR but the original CSR has been approved for all relevant backport releases.
>>
>> Thanks
>> Christoph
>
> Christoph Langer has updated the pull request incrementally with one additional commit since the last revision:
>
> Fix instanceof handling for Java 11
LGTM
-------------
Marked as reviewed by mbaesken (Reviewer).
PR Review: https://git.openjdk.org/jdk11u/pull/73#pullrequestreview-1474618927
More information about the jdk-updates-dev
mailing list