RFR: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449

Matthias Baesken mbaesken at openjdk.org
Thu Mar 2 13:43:09 UTC 2023

After 8278449, we seem to ignore in the call

`if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound)`

all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
Probably we should take at least the certs with trust settings from the kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains.


Commit messages:
 - JDK-8303465

Changes: https://git.openjdk.org/jdk/pull/12829/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12829&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8303465
  Stats: 9 lines in 1 file changed: 7 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/12829.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12829/head:pull/12829

PR: https://git.openjdk.org/jdk/pull/12829
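
An added example, not part of the original message and not the code from the pull request: a small macOS audit tool that lists keychain certificates whose trust settings exist only in the admin or system domain, which is the set a user-domain-only check skips. The helper `hasTrustSettings` and the file name `trustdomains.m` are hypothetical names chosen for this illustration.

```objective-c
// Build on macOS: clang -fobjc-arc -framework Foundation -framework Security trustdomains.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// True if the certificate has a trust-settings record in the user domain (userOnly)
// or in any of the three domains. Presence is not a trust decision: a record may say "deny".
static BOOL hasTrustSettings(SecCertificateRef cert, BOOL userOnly) {
    const SecTrustSettingsDomain domains[] = {
        kSecTrustSettingsDomainUser,
        kSecTrustSettingsDomainAdmin,
        kSecTrustSettingsDomainSystem,
    };
    size_t count = userOnly ? 1 : sizeof(domains) / sizeof(domains[0]);
    for (size_t i = 0; i < count; i++) {
        CFArrayRef settings = NULL;
        OSStatus status = SecTrustSettingsCopyTrustSettings(cert, domains[i], &settings);
        if (settings != NULL) CFRelease(settings);
        if (status == errSecSuccess) return YES;   // errSecItemNotFound: try the next domain
    }
    return NO;
}

int main(void) {
    @autoreleasepool {
        // Query every certificate in the default keychain search list.
        NSDictionary *query = @{
            (__bridge id)kSecClass:      (__bridge id)kSecClassCertificate,
            (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
            (__bridge id)kSecReturnRef:  @YES,
        };
        CFTypeRef found = NULL;
        OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &found);
        if (status != errSecSuccess) {
            NSLog(@"SecItemCopyMatching failed: %d", (int)status);
            return 1;
        }
        NSArray *certs = CFBridgingRelease(found);
        NSUInteger missed = 0;
        for (id item in certs) {
            SecCertificateRef cert = (__bridge SecCertificateRef)item;
            if (hasTrustSettings(cert, NO) && !hasTrustSettings(cert, YES)) {
                NSString *name = CFBridgingRelease(SecCertificateCopySubjectSummary(cert));
                NSLog(@"admin/system trust settings only: %@", name);
                missed++;
            }
        }
        NSLog(@"%lu of %lu certificates are missed by a user-domain-only check", (unsigned long)missed, (unsigned long)certs.count);
    }
}
```

Because a trust-settings record can also mark a certificate as denied, a caller that imports these certificates as trusted still has to inspect the returned settings array rather than rely on the record's presence.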
