Integrated: 8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154

Valerie Peng valeriep at openjdk.org
Wed Aug 23 00:15:47 UTC 2023


On Thu, 3 Aug 2023 20:51:33 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> This change addresses the scenario where a certificate is first stored as part of a certificate chain and then stored again as a certificate corresponding to a PrivateKey entry. Newer version of NSS errors out with CKR_GENERAL_ERROR with the 2nd store, i.e. C_CreateObject() call.
> 
> Proposed fix is to check for match before calling C_CreateObject(), if a match is found, set its alias instead.

This pull request has now been integrated.

Changeset: ba6cdbe2
Author:    Valerie Peng <valeriep at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/ba6cdbe2c2897a0fdc266119f0fe4545c3352b8e
Stats:     53 lines in 2 files changed: 39 ins; 12 del; 2 mod

8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154

Reviewed-by: mbaesken, jnimeh

-------------

PR: https://git.openjdk.org/jdk/pull/15146


More information about the security-dev mailing list