RFR: 8320362: Load anchor certificates from Keychain keystore [v5]
Weijun Wang
weijun at openjdk.org
Thu Feb 1 21:15:05 UTC 2024
On Thu, 1 Feb 2024 00:23:26 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store only.
>
> Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:
>
> Update CheckMacOSKeyChainTrust test
test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 41:
> 39: * honors trust settings
> 40: * @run main CheckMacOSKeyChainTrust KEYCHAINSTORE
> 41: * @run main CheckMacOSKeyChainTrust KEYCHAINSTORE-ROOT
Can we do both in a single test run?
test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 55:
> 53: // check user and admin trustsettings to find distrusted certs
> 54: loadUser(false);
> 55: loadAdmin(false);
Not sure what the 2 lines above are for? Is it possible a cert is distrusted in user/admin store but trusted in root store and you want to make it sure it does not appear in KEYCHAINSTORE-ROOT?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16722#discussion_r1475150824
PR Review Comment: https://git.openjdk.org/jdk/pull/16722#discussion_r1475154375
More information about the security-dev
mailing list