On Thu, 1 Feb 2024 22:08:16 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
>> test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 55: >> >>> 53: // check user and admin trustsettings to find distrusted >>> certs >>> 54: loadUser(false); >>> 55: loadAdmin(false); >> >> Not sure what the 2 lines above are for? Is it possible a cert is distrusted >> in user/admin store but trusted in root store and you want to make it sure >> it does not appear in KEYCHAINSTORE-ROOT? > > Yes. Exactly. The trusted cert can be distrusted in the user/admin domain, so > It should not be available in the KEYCHAINSTORE-ROOT This is OK. Although it means different people will see different root CA certs. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16722#discussion_r1476527798
