RFR: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449
Matthias Baesken
mbaesken at openjdk.org
Thu Mar 2 13:43:09 UTC 2023
After 8278449, we seem to ignore in the call
` if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains .
-------------
Commit messages:
- JDK-8303465
Changes: https://git.openjdk.org/jdk/pull/12829/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12829&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8303465
Stats: 9 lines in 1 file changed: 7 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/12829.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/12829/head:pull/12829
PR: https://git.openjdk.org/jdk/pull/12829
More information about the security-dev
mailing list