RFR: 8320362: Load anchor certificates from Keychain keystore [v5]
Alexey Bakhtin
abakhtin at openjdk.org
Thu Feb 1 22:11:05 UTC 2024
On Thu, 1 Feb 2024 21:11:31 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update CheckMacOSKeyChainTrust test
>
> test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 55:
>
>> 53: // check user and admin trustsettings to find distrusted certs
>> 54: loadUser(false);
>> 55: loadAdmin(false);
>
> Not sure what the 2 lines above are for? Is it possible a cert is distrusted in user/admin store but trusted in root store and you want to make it sure it does not appear in KEYCHAINSTORE-ROOT?
Yes. Exactly. The trusted cert can be distrusted in the user/admin domain, so It should not be available in the KEYCHAINSTORE-ROOT
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16722#discussion_r1475214596
More information about the security-dev
mailing list