RFR: 8320362: Load anchor certificates from Keychain keystore [v3]
Weijun Wang
weijun at openjdk.org
Wed Jan 24 16:06:31 UTC 2024
On Thu, 4 Jan 2024 17:14:18 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> > What are the change for existing `addCertificatesToKeystore` for? Is there any behavior change?
>
> Hi @wangweij . No behavior changes. Just reformatted to make it similar to addCertificatesToKeystoreRoot. Can be reverted back.
Looks so. However, [kSecTrustSettingsDomainUser](https://developer.apple.com/documentation/security/sectrustsettingsdomain/ksectrustsettingsdomainuser) is explicitly set to 0 but [kSecTrustSettingsDomainAdmin](https://developer.apple.com/documentation/security/sectrustsettingsdomain/ksectrustsettingsdomainadmin) has not. This makes me a little uncomfortable.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecomment-1908432999
More information about the security-dev
mailing list