On Fri, 23 Feb 2024 23:07:07 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Load root certificates from SystemRootCertificates.keychain
src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 525:
> 523: // Load predefined root certificates from SystemRootCertificates
> keychain
> 524: // SecTrustCopyAnchorCertificates includes extra root certificates
> and can not be used here
> 525: if(
> SecKeychainOpen("/System/Library/Keychains/SystemRootCertificates.keychain",
> &keychain) != errSecSuccess ) {
I'll study the API more but it looks too implementation-detail dependent to
read the file directly. Are there any other APIs? I see one named
`SecTrustCopyCustomAnchorCertificates`. Can it be used?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16722#discussion_r1518225296
