On Mon, 22 May 2023 22:43:18 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This handles the case, when a certificate is in both, the login (user) and
>> system keychain.
>
> How do you know "the existing entry must have the same properties and trust
> settings"?

Trust settings are stored per certificate. That is, when you do `security add-trusted-cert`, you have to pass a certificate that the entry is created for. It does not matter then, if the certificate is actually present/loaded into any keychain. If the certificate is not in the keychain, a `security dump-trust-settings` will not show the trust entry then but after you add it, it gets visible.

So, that means, if two certificates are the same, no matter if they were loaded from different keychains or under different aliases (don't know whether the latter is possible though), they will share the same trust records.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13945#discussion_r1201622626