RFR: 8320362: Load anchor certificates from Keychain keystore [v5]
Weijun Wang
weijun at openjdk.org
Fri Feb 16 15:03:55 UTC 2024
On Fri, 2 Feb 2024 20:28:58 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> `security dump-trust-settings -s` returns only predefined root certificates. KEYCHAINSTORE-ROOT additionally contains installed root trusted certificates in the system domain
Are you sure they should be added into this keystore? It looks like all the extra certs in KEYCHAINSTORE-ROOT that are not in `security dump-trust-settings -s` are all inside KEYCHAINSTORE. Maybe that's where they should belong to?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecomment-1948542783
More information about the security-dev
mailing list