On Thu, 1 Feb 2024 00:23:26 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
>> Please review the proposed fix. >> >> The patch loads system root certificates from the MacOS Keychain with >> TrustSettings. >> It allows to build a trusted certificate path using the MacOS Keychain store >> only. > > Alexey Bakhtin has updated the pull request incrementally with one additional > commit since the last revision: > > Update CheckMacOSKeyChainTrust test test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 41: > 39: * honors trust settings > 40: * @run main CheckMacOSKeyChainTrust KEYCHAINSTORE > 41: * @run main CheckMacOSKeyChainTrust KEYCHAINSTORE-ROOT Can we do both in a single test run? test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 55: > 53: // check user and admin trustsettings to find distrusted certs > 54: loadUser(false); > 55: loadAdmin(false); Not sure what the 2 lines above are for? Is it possible a cert is distrusted in user/admin store but trusted in root store and you want to make it sure it does not appear in KEYCHAINSTORE-ROOT? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16722#discussion_r1475150824 PR Review Comment: https://git.openjdk.org/jdk/pull/16722#discussion_r1475154375
