Bug in apple.security.KeychainStore provider

David Kocher dkocher at sudo.ch
Fri Jun 13 08:31:36 UTC 2014


(I haven’t found a way to register on bugs.openjdk.java.net and file a bug, so I am posting it here.)


There is a bug in the native KeystoreImpl: it only searches for identities that have a key usage of “Any”, using CSSM_KEYUSE_ANY instead of passing `0` to the SecIdentitySearchCreate keychain function. Refer to line 282 in [1]. This will exclude all identities that have a specific key usage set, such as “Encrypt, Verify, Wrap, Derive”.


[1] http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/macosx/native/apple/security/KeystoreImpl.m

I have also found issues with instances of KeyEntry that have an empty array for the “chain” property, causing index out of bounds exceptions. See attached patch.

-
David
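
The following diagnostic is an added example, not part of the original post or of the OpenJDK sources. It counts the identities returned by SecIdentitySearchCreate with the CSSM_KEYUSE_ANY filter and with `0`, so the effect of the filter described above can be checked on a given Mac. The function name `countIdentities` and the file name in the build comment are hypothetical, and passing NULL searches the default keychain search list.

```objective-c
// Build (macOS): clang -framework Security -Wno-deprecated-declarations \
//                identity_count.m -o identity_count
// identity_count.m is a hypothetical file name for this added example.
#include <stdio.h>
#import <Security/Security.h>

// Count identities in the default keychain search list that match the given
// key-usage filter. Returns -1 on an unexpected Security framework error.
static long countIdentities(CSSM_KEYUSE keyUsage) {
    SecIdentitySearchRef search = NULL;
    OSStatus status = SecIdentitySearchCreate(NULL, keyUsage, &search);
    if (status != errSecSuccess || search == NULL) {
        return -1;
    }

    long count = 0;
    SecIdentityRef identity = NULL;
    while ((status = SecIdentitySearchCopyNext(search, &identity)) == errSecSuccess) {
        count++;
        CFRelease(identity);
        identity = NULL;
    }
    CFRelease(search);

    // errSecItemNotFound marks the normal end of the enumeration.
    return (status == errSecItemNotFound) ? count : -1;
}

int main(void) {
    long anyOnly = countIdentities(CSSM_KEYUSE_ANY); // filter named in the report
    long all = countIdentities(0);                   // 0 = do not filter by key usage

    if (anyOnly < 0 || all < 0) {
        fprintf(stderr, "identity search failed\n");
        return 1;
    }
    printf("identities with CSSM_KEYUSE_ANY filter: %ld\n", anyOnly);
    printf("identities with no key-usage filter:    %ld\n", all);
    if (all > anyOnly) {
        printf("%ld identities are excluded by the CSSM_KEYUSE_ANY filter\n",
               all - anyOnly);
    }
    return 0;
}
```

A non-zero difference between the two counts means the keychain holds identities with a specific key usage that the CSSM_KEYUSE_ANY search does not return.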

