RFR: 8301154: SunPKCS11 KeyStore deleteEntry results in dangling PrivateKey entries
Valerie Peng
valeriep at openjdk.org
Fri May 5 20:23:20 UTC 2023
On Fri, 5 May 2023 16:43:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private key or is an issuer of other entities in the same keystore.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java line 2057:
>
>> 2055: currHdl = ch[0];
>> 2056: } else {
>> 2057: currHdl = 0L;
>
> Maybe just `break`?
Sure, that'll work also.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13743#discussion_r1186470638
More information about the security-dev
mailing list