RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore
Tim Jacomb
duke at openjdk.org
Fri Jan 24 21:17:28 UTC 2025
On Fri, 3 Jan 2025 16:52:51 GMT, Tim Jacomb <duke at openjdk.org> wrote:
>> Interesting for root certificate `SecTrustSettingsCopyTrustSettings` returns:
>>
>> * -25300 (not found) when trust policy is `Use System Defaults`
>> * 0 and a `kSecTrustSettingsResult` value of 3 when set to Never Trust
>> * 0 and a `kSecTrustSettingsResult` value of 1 when set to Always Trust
>
> With https://github.com/openjdk/jdk/pull/22911/commits/5102dade13f44dedd887920c407158e7d189947b
>
> Case 2. works again.
>
> (i.e. the basic case which previously worked with a self-signed root and no intermediate)
>
> Case 1 and 3 are still failing, I'll have a think on Monday but may need a pointer
With https://github.com/openjdk/jdk/pull/22911/commits/0052cd0380b4949b9af689eae660cf3defa5e7d0 all cases are working
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22911#discussion_r1904019353
More information about the security-dev
mailing list