RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]
Weijun Wang
weijun at openjdk.org
Tue May 23 15:10:58 UTC 2023
On Tue, 23 May 2023 06:52:01 GMT, Christoph Langer <clanger at openjdk.org> wrote:
>> How do you know "the existing entry must have the same properties and trust settings"?
>
> Trust settings are stored per certificate. That is, when you do `security add-trusted-cert`, you have to pass a certificate that the entry is created for. It does not matter, then, if the certificate is actually present/loaded into any keychain. If the certificate is not in the keychain, a `security dump-trust-settings` will not show the trust entry, but after you add it, it becomes visible.
>
> So, that means, if two certificates are the same, no matter if they were loaded from different keychains or under different aliases (don't know whether the latter is possible though), they will share the same trust records.
I see. Thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13945#discussion_r1202347175