RFR: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449
Matthias Baesken
mbaesken at openjdk.org
Tue Mar 7 14:39:40 UTC 2023
On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> After 8278449, we seem to ignore in the call
>
> ` if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
>
> all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
> Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains .
Hi Weijun, besides the test issue you mentioned, is this patch fine with you?
-------------
PR: https://git.openjdk.org/jdk/pull/12829
More information about the security-dev
mailing list