RFR: 8301154: SunPKCS11 KeyStore deleteEntry results in dangling PrivateKey entries
Hai-May Chao
hchao at openjdk.org
Fri May 5 20:51:19 UTC 2023
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain removal?
>
> The proposed fix will not remove the cert if it has a corresponding private key or is an issuer of other entities in the same keystore.
>
> Thanks,
> Valerie
As Max pointed out to use SecurityTools.keytool to generate keys/certs, I'd like to suggest using it to add a test case for pk1->pk2->ca, to test when deleting an intermediate cert.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/13743#issuecomment-1536764393
More information about the security-dev
mailing list