[jdk11u] Integrated: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates
Christoph Langer
clanger at openjdk.org
Wed Jun 14 07:15:15 UTC 2023
On Wed, 7 Jun 2023 08:08:36 GMT, Christoph Langer <clanger at openjdk.org> wrote:
> Hi all,
>
> This pull request contains a backport of [JDK-8303465](https://bugs.openjdk.org/browse/JDK-8303465), commit [ac41c030](https://github.com/openjdk/jdk/commit/ac41c030030c3d31815474c793ac9c420c47e22c) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository.
>
> This is an improvement for the handling of certificates from the MacOSX keychain which regressed since the April 2022 CPU update (11.0.15) and does not show all appropriate certificates that it should do. The fix was just recently submitted in head and came too late for the regular dev cycle for 11.0.20. However, I would ask to include it now in rampdown, since we have an open customer issue that it would solve. Since our customer is consuming the JDK via Eclipse/Adoptium, it would also not suffice to cherry-pick it into the SapMachine build only, so that's why my request is to take it into 11.0.20.
>
> The backport applied nearly clean, I only had to adapt some Java code due to lacking instanceof features in 11.
>
> It involves a CSR but the original CSR has been approved for all relevant backport releases.
>
> Thanks
> Christoph
This pull request has now been integrated.
Changeset: d286dded
Author: Christoph Langer <clanger at openjdk.org>
URL: https://git.openjdk.org/jdk11u/commit/d286dded5f7714d54fe57b999a5553653d45218b
Stats: 242 lines in 3 files changed: 194 ins; 32 del; 16 mod
8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates
Reviewed-by: mbaesken
Backport-of: ac41c030030c3d31815474c793ac9c420c47e22c
-------------
PR: https://git.openjdk.org/jdk11u/pull/73
More information about the jdk-updates-dev
mailing list