Withdrawn: JDK-8303465: KeyStore of type KeychainStore, provider Apple shows different behavior after 8278449

Matthias Baesken mbaesken at openjdk.org
Fri May 12 14:30:02 UTC 2023


On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> After 8278449, we seem to ignore in the call
> 
> `  if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
> 
> all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
> Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains .

This pull request has been closed without being integrated.

-------------

PR: https://git.openjdk.org/jdk/pull/12829


More information about the security-dev mailing list