RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v8]
Mat Carter
macarte at openjdk.org
Wed Oct 30 21:18:39 UTC 2024
On Tue, 29 Oct 2024 19:50:46 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
>> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>>
>> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
>
> rebarbora-mckvak has updated the pull request incrementally with one additional commit since the last revision:
>
> 8313367: getting PP_KEYSET_TYPE parameter fixed
src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 803:
> 801: DWORD keysetType = 0;
> 802: DWORD keysetTypeLen = sizeof(keysetType);
> 803: ::CryptGetProvParam((HCRYPTPROV)hCryptProv, PP_KEYSET_TYPE, //deprecated
This addresses the previous concerns
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16687#discussion_r1823402140
More information about the security-dev
mailing list