RFR: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449
Weijun Wang
weijun at openjdk.org
Thu Mar 2 17:36:22 UTC 2023
On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> After 8278449, we seem to ignore in the call
>
> ` if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
>
> all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
> Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains .
Oops, seems the `security` command is failing when running the test on our testing clients. Maybe no user privilege? I'll do more investigation and maybe have to make it an internal test or manual one.
It does run fine on my own machine.
-------------
PR: https://git.openjdk.org/jdk/pull/12829
More information about the security-dev
mailing list