RFR: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449
Weijun Wang
weijun at openjdk.org
Fri Mar 3 14:13:14 UTC 2023
On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> After 8278449, we seem to ignore in the call
>
> ` if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
>
> all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
> Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains .
The command shows `SecTrustSettingsCopyCertificates: No Trust Settings were found.` and exits with 1.
-------------
PR: https://git.openjdk.org/jdk/pull/12829
More information about the security-dev
mailing list