RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

Christoph Langer clanger at openjdk.org
Wed May 17 07:16:47 UTC 2023


On Tue, 16 May 2023 07:46:37 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> Hi Christoph, I do not see any reference to kSecTrustSettingsDomainSystem in your coding. Handling at least kSecTrustSettingsDomainUser and kSecTrustSettingsDomainAdmin is good but I am not sure about kSecTrustSettingsDomainSystem. Did you find some documentation why it should be omitted?

Hi Matthias,
yes, I think it is not nicely documented. I've seen in testing that kSecTrustSettingsDomainSystem merely holds information for trusted root CAs. So in theory, we could add this. However, other code in that area that we've found in the wild doesn't do it either. Let's see what others think about this.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13945#issuecomment-1550872311


