RFR: 8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154

Valerie Peng valeriep at openjdk.org
Thu Aug 3 20:58:49 UTC 2023


This change addresses the scenario where a certificate is first stored as part of a certificate chain and then stored again as a certificate corresponding to a PrivateKey entry. Newer versions of NSS error out with CKR_GENERAL_ERROR with the 2nd store, i.e. the C_CreateObject() call.

The proposed fix is to check for a match before calling C_CreateObject(); if a match is found, set its alias instead.

-------------

Commit messages:
 - 8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154

Changes: https://git.openjdk.org/jdk/pull/15146/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15146&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8309214
  Stats: 53 lines in 2 files changed: 39 ins; 12 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/15146.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/15146/head:pull/15146

PR: https://git.openjdk.org/jdk/pull/15146


