RFR: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449

Weijun Wang weijun at openjdk.org
Thu Mar 2 17:36:22 UTC 2023


On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> After 8278449, we seem to ignore in the call
> 
> `  if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
> 
> all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
> Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains .

Oops, seems the `security` command is failing when running the test on our testing clients. Maybe no user privilege? I'll do more investigation and maybe have to make it an internal test or manual one.

It does run fine on my own machine.

-------------

PR: https://git.openjdk.org/jdk/pull/12829


More information about the security-dev mailing list