RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation
Weijun Wang
weijun at openjdk.org
Wed Mar 13 19:35:15 UTC 2024
On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>
> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>
> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
That means a regression test can be added to this code change. No matter if the user running the test is an admin or not, the keystore can always be loaded. Is that right?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-1995508825
More information about the security-dev
mailing list