Withdrawn: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449
Matthias Baesken
mbaesken at openjdk.org
Fri May 12 14:30:02 UTC 2023
On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> After 8278449, we seem to ignore in the call
>
> ` if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
>
> all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
> Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains .
This pull request has been closed without being integrated.
-------------
PR: https://git.openjdk.org/jdk/pull/12829
More information about the security-dev
mailing list