RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

Weijun Wang weijun at openjdk.java.net
Wed Apr 27 19:32:39 UTC 2022

On Tue, 12 Apr 2022 19:03:40 GMT, Mat Carter <duke at openjdk.java.net> wrote:

> On Windows you can now access the local machine keystores using the strings "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the application requires admin privileges.
> "Windows-MY" and "Windows-ROOT" remain unchanged, however given these original keystore strings mapped to the current user, I added "Windows-MY-CURRENTUSER" and "Windows-ROOT-CURRENTUSER" so that a developer can explicitly specify the current user location. These two new strings simply map to the original two strings, i.e. no duplication of code paths etc
> No new tests added, keystore functionality and API remains unchanged, the local machine keystore types would require the tests to run in admin mode
> Tested on windows, passes tier1 and tier2 tests

The CSR looks fine. It's not necessary to attach a patch there. At least don't name it `specdiff` because it's not about spec.

BTW, how do you think of the names proposed in https://github.com/openjdk/jdk/pull/8211#issuecomment-1099925744?


PR: https://git.openjdk.java.net/jdk/pull/8211

More information about the security-dev mailing list