RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v5]

christophvw duke at openjdk.org
Tue Oct 29 15:55:22 UTC 2024


On Tue, 29 Oct 2024 15:34:37 GMT, Mat Carter <macarte at openjdk.org> wrote:

>> @wangweij, please see the release note above.
>
>> @rebarbora-mckvak I've added the release note as https://bugs.openjdk.org/browse/JDK-8340661 last month.
>> 
>> I didn't approve because of Mat's Aug 14 comment:
>> 
>> > I think there's at least two issues that need to be addressed (see above comments)
>> 
>> @macarte Is this still your current opinion?
> 
> Yes, I believe these are two potential issues that should at least be reviewed (the issues are outlined in the comments); IIRC they should be trivial to address.

@macarte That's a lot to read. Could you give a short summary of the issues?

@wangweij 
> So my concern is that inside Windows-MY-LOCALMACHINE, this entry actually contains a private key. But because of user privilege missing, the private key is not available and it shows as a certificate entry.

That's by design. When the user needs access to the private key, assign the proper permissions.
Select the certificate in the MMC Certs snap-in -> right click -> All tasks -> Manage private keys -> give the user read permissions to the private key.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2444683082

