RFR: 8320362: Load anchor certificates from Keychain keystore [v5]
Alexey Bakhtin
abakhtin at openjdk.org
Fri Mar 8 19:14:57 UTC 2024
On Fri, 16 Feb 2024 15:01:34 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>>> Will KEYCHAINSTORE-ROOT contains trusted certs inside KEYCHAINSTORE? I tried on my machine and there are some items not in `security dump-trust-settings -s`.
>> `security dump-trust-settings -s` returns only predefined root certificates. KEYCHAINSTORE-ROOT additionally contains installed root trusted certificates in the system domain
>
>> `security dump-trust-settings -s` returns only predefined root certificates. KEYCHAINSTORE-ROOT additionally contains installed root trusted certificates in the system domain
>
> Are you sure they should be added into this keystore? It looks like all the extra certs in KEYCHAINSTORE-ROOT that are not in `security dump-trust-settings -s` are all inside KEYCHAINSTORE. Maybe that's where they should belong to?
@wangweij could you please take a look at the last proposed commit, if you have any chance
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecomment-1986258560
More information about the security-dev
mailing list