RFR: 8320362: Load anchor certificates from Keychain keystore [v7]
Sean Mullan
mullan at openjdk.org
Tue Mar 19 14:04:26 UTC 2024
On Fri, 23 Feb 2024 23:07:07 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store only.
>
> Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:
>
> Load root certificates from SystemRootCertificates.keychain
Is it practical to add a test as described in the bug?:
`java -Djavax.net.ssl.trustStoreType=KeychainStore-ROOT HttpsURLConnectionTest https://github.com/`
This could be added to the `test/jdk/security/infra` test directory since it depends on an external server.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecomment-2007261252
More information about the security-dev
mailing list