On Tue, 16 May 2023 07:46:37 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:

> Hi Christoph, I do not see any reference to kSecTrustSettingsDomainSystem in 
> your coding. Handling at least kSecTrustSettingsDomainUser and 
> kSecTrustSettingsDomainAdmin is good but I am not sure about 
> kSecTrustSettingsDomainSystem. Did you find some documentation why it should 
> be omitted?

Hi Matthias,
yes, I think it is not nicely documented. I've seen in testing that 
kSecTrustSettingsDomainSystem merely holds information for trusted root CAs. So 
in theory, we could add this. However, other code in that area that we've found 
in the wild doesn't do it either. Let's see what others think about this.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13945#issuecomment-1550872311
