RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation
Weijun Wang
weijun at openjdk.org
Wed Mar 13 18:27:15 UTC 2024
On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>
> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>
> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
A CSR is needed if there will be a spec or doc change, and I don't see we need it anywhere. It is also needed if there is a non-trivial compatibility issue. While there is some behavior change here I don't think it's a compatibility issue. Those worked still work and those didn't work now somehow work. To inform the user this behavior change it looks like a release note is enough. See https://openjdk.org/guide/#release-notes.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-1995280726
More information about the security-dev
mailing list