On Fri, 16 Feb 2024 15:01:34 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>>> Will KEYCHAINSTORE-ROOT contains trusted certs inside KEYCHAINSTORE? I >>> tried on my machine and there are some items not in `security >>> dump-trust-settings -s`. >> `security dump-trust-settings -s` returns only predefined root certificates. >> KEYCHAINSTORE-ROOT additionally contains installed root trusted certificates >> in the system domain > >> `security dump-trust-settings -s` returns only predefined root certificates. >> KEYCHAINSTORE-ROOT additionally contains installed root trusted certificates >> in the system domain > > Are you sure they should be added into this keystore? It looks like all the > extra certs in KEYCHAINSTORE-ROOT that are not in `security > dump-trust-settings -s` are all inside KEYCHAINSTORE. Maybe that's where they > should belong to? @wangweij could you please take a look at the last proposed commit, if you have any chance ------------- PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecomment-1986258560
