On Wed, 17 May 2023 20:49:34 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> No matter what `SecTrustSettingsCopyTrustSettings` returns, you will always 
> call `jm_createTrustedCertEntry`. This means if I add a self-signed 
> certificate but have not added any trust settings to it, it will always be 
> trusted. Is this intended?

Yes, I will call `jm_createTrustedCertEntry` for every certificate, at least 
independent of the results of the `SecTrustSettingsCopyTrustSettings` calls.

As I outlined in my initial PR description, point 3, the actual check whether a 
certificate is self-signed is done in the `createTrustedCertEntry` Java method. 
So, yes, when there is a self-signed certificate without explicit trust 
settings, it is always trusted. I thought that this was the intentional 
behavior even before my changes. However, the difference from the previous code 
is that I look at the certificate and check whether it is a real plain 
self-signed certificate that can be used for TLS communication, which would be 
trusted. What is not trusted now are CA root certificates, which are also 
self-signed but additionally have key usage 'keyCertSign' and/or 'cRLSign'. See 
[this 
code](https://github.com/RealCLanger/jdk/blob/b14e5f2c78ff4aded84410a2b58d83138349d9ab/src/java.base/macosx/classes/apple/security/KeychainStore.java#L857)

Makes sense?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13945#issuecomment-1552107272
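The distinction drawn in the reply above (a plain self-signed end-entity certificate versus a self-signed CA root carrying keyCertSign and/or cRLSign) can be tried against real certificates with the following added example. It is illustration code written for this page, not the JDK's `KeychainStore` code or anything from the PR; the class name `SelfSignedClassifier`, the `Kind` enum and the helper names are assumptions. It reads one or more PEM-encoded certificates from a file and classifies each one using only public `java.security.cert` APIs.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

/**
 * Added illustration (hypothetical class, not part of the JDK or the PR):
 * classifies X.509 certificates along the lines discussed in the reply,
 * so the rule can be exercised on real PEM files.
 */
public final class SelfSignedClassifier {

    // Bit positions in X509Certificate.getKeyUsage(), per the RFC 5280 KeyUsage bit string.
    private static final int KEY_CERT_SIGN = 5;
    private static final int CRL_SIGN = 6;

    public enum Kind { NOT_SELF_SIGNED, CA_ROOT, PLAIN_SELF_SIGNED }

    /** Self-signed: subject equals issuer AND the signature verifies with the cert's own key. */
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            // Same name in subject and issuer, but not signed by its own key (e.g. a
            // cross-certificate or a corrupted file): do not treat it as self-signed.
            return false;
        }
    }

    /** keyCertSign and/or cRLSign in KeyUsage marks the certificate as a CA root. */
    static boolean hasCaKeyUsage(X509Certificate cert) {
        boolean[] ku = cert.getKeyUsage(); // null when the KeyUsage extension is absent
        if (ku == null) {
            return false;
        }
        boolean keyCertSign = ku.length > KEY_CERT_SIGN && ku[KEY_CERT_SIGN];
        boolean crlSign = ku.length > CRL_SIGN && ku[CRL_SIGN];
        return keyCertSign || crlSign;
    }

    /** Only a self-signed certificate WITHOUT CA key usage counts as a plain self-signed one. */
    static Kind classify(X509Certificate cert) {
        if (!isSelfSigned(cert)) {
            return Kind.NOT_SELF_SIGNED;
        }
        return hasCaKeyUsage(cert) ? Kind.CA_ROOT : Kind.PLAIN_SELF_SIGNED;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java SelfSignedClassifier <certs.pem>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(args[0])) {
            // generateCertificates accepts a PEM file holding one or more certificates.
            Collection<? extends Certificate> certs = cf.generateCertificates(in);
            for (Certificate c : certs) {
                X509Certificate x = (X509Certificate) c;
                System.out.printf("%-18s %s%n", classify(x), x.getSubjectX500Principal().getName());
            }
        }
    }
}
```

Run it as `java SelfSignedClassifier certs.pem` with any PEM bundle; a typical public root (e.g. one exported from the system keychain) should print `CA_ROOT`, while a `openssl req -x509 -newkey ...` certificate generated without CA key usage prints `PLAIN_SELF_SIGNED`. Note that `getKeyUsage()` returns `null` when the extension is absent, so a self-signed certificate with no KeyUsage extension at all falls into the plain category under this rule.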
