On Thu, 21 Mar 2024 15:20:39 GMT, Sean Mullan wrote:
>> Alexey Bakhtin has refreshed the contents of this pull request, and previous
>> commits have been removed. The incremental views will show differences
>> compared to the previous content of the PR. The pull request contains one
>> new com
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Wed, 20 Mar 2024 22:53:40 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Thu, 21 Mar 2024 18:34:38 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Thu, 21 Mar 2024 15:23:03 GMT, Sean Mullan wrote:
> > Hi @seanjmullan Thank you for review I've added the test
>
> Thanks. @rhalade Is this an acceptable place (security/infra) to put a test
> that makes external network connections?
Yes, it is correct place to add this infra test. @alexeyb
On Tue, 19 Mar 2024 14:01:14 GMT, Sean Mullan wrote:
>> Alexey Bakhtin has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Load root certificates from SystemRootCertificates.keychain
>
> Is it practical to add a test as described in the bug?
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has refreshed the contents of this pull request, and previous
commi
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Tue, 19 Mar 2024 14:01:14 GMT, Sean Mullan wrote:
>> Alexey Bakhtin has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Load root certificates from SystemRootCertificates.keychain
>
> Is it practical to add a test as described in the bug?
On Fri, 23 Feb 2024 23:07:07 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Fri, 23 Feb 2024 23:07:07 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Mon, 18 Mar 2024 21:05:38 GMT, Weijun Wang wrote:
>> CSR is in the Proposed state now. Workflow does not allow me to Finalize it.
>
> Now that it's in Proposed state, Joe will need to move to Provisional first.
> Since it was already Provisional some time ago and you haven't really updated
>
On Mon, 18 Mar 2024 20:55:17 GMT, Alexey Bakhtin wrote:
>> I added myself as a reviewer some time ago. You can finalize it and wait for
>> approval.
>
> CSR is in the Proposed state now. Workflow does not allow me to Finalize it.
Now that it's in Proposed state, Joe will need to move to Provisi
On Mon, 18 Mar 2024 20:50:06 GMT, Weijun Wang wrote:
>> Thank you. I've updated CSR and waiting for review.
>
> I added myself as a reviewer some time ago. You can finalize it and wait for
> approval.
CSR is in the Proposed state now. Workflow does not allow me to Finalize it.
-
P
On Mon, 18 Mar 2024 20:22:54 GMT, Alexey Bakhtin wrote:
>> Then this is the best solution we can find. I have no more comment and
>> thanks a lot for the patience. You might need to finalize your CSR now.
>
> Thank you. I've updated CSR and waiting for review.
I added myself as a reviewer some
On Mon, 18 Mar 2024 14:28:02 GMT, Weijun Wang wrote:
>> Hi @wangweij ,
>> Thank you for review.
>> Unfortunately `SecTrustCopyCustomAnchorCertificates` can not be used also.
>> It is used to retrieve certificates from your own created SecTrust. As I
>> know it is not possible to create/load Se
On Sat, 9 Mar 2024 05:40:06 GMT, Alexey Bakhtin wrote:
>> src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 525:
>>
>>> 523: // Load predefined root certificates from SystemRootCertificates
>>> keychain
>>> 524: // SecTrustCopyAnchorCertificates includes extra root certific
On Fri, 8 Mar 2024 19:47:00 GMT, Weijun Wang wrote:
>> Alexey Bakhtin has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Load root certificates from SystemRootCertificates.keychain
>
> src/java.base/macosx/native/libosxsecurity/KeystoreImpl
On Fri, 23 Feb 2024 23:07:07 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Fri, 16 Feb 2024 15:01:34 GMT, Weijun Wang wrote:
>>> Will KEYCHAINSTORE-ROOT contains trusted certs inside KEYCHAINSTORE? I
>>> tried on my machine and there are some items not in `security
>>> dump-trust-settings -s`.
>> `security dump-trust-settings -s` returns only predefined root certif
On Fri, 16 Feb 2024 15:01:34 GMT, Weijun Wang wrote:
> > `security dump-trust-settings -s` returns only predefined root
> > certificates. KEYCHAINSTORE-ROOT additionally contains installed root
> > trusted certificates in the system domain
>
> Are you sure they should be added into this keysto
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Fri, 2 Feb 2024 20:28:58 GMT, Alexey Bakhtin wrote:
> `security dump-trust-settings -s` returns only predefined root certificates.
> KEYCHAINSTORE-ROOT additionally contains installed root trusted certificates
> in the system domain
Are you sure they should be added into this keystore? It l
On Thu, 1 Feb 2024 21:07:32 GMT, Weijun Wang wrote:
>> Alexey Bakhtin has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Update CheckMacOSKeyChainTrust test
>
> test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 41:
>
>> 39:
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Fri, 2 Feb 2024 19:37:18 GMT, Alexey Bakhtin wrote:
> Will KEYCHAINSTORE-ROOT contains trusted certs inside KEYCHAINSTORE? I tried
> on my machine and there are some items not in `security dump-trust-settings
> -s`.
`security dump-trust-settings -s` returns only predefined root certificates.
On Thu, 1 Feb 2024 21:36:51 GMT, Weijun Wang wrote:
> Will KEYCHAINSTORE-ROOT contains trusted certs inside KEYCHAINSTORE? I tried
> on my machine and there are some items not in `security dump-trust-settings
> -s`.
I've found an issue in the original implementation that prevents adding
diffe
On Thu, 1 Feb 2024 22:08:16 GMT, Alexey Bakhtin wrote:
>> test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 55:
>>
>>> 53: // check user and admin trustsettings to find distrusted
>>> certs
>>> 54: loadUser(false);
>>> 55: loadAdmin(false);
>>
On Thu, 1 Feb 2024 21:11:31 GMT, Weijun Wang wrote:
>> Alexey Bakhtin has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Update CheckMacOSKeyChainTrust test
>
> test/jdk/java/security/KeyStore/CheckMacOSKeyChainTrust.java line 55:
>
>> 53:
On Thu, 1 Feb 2024 00:23:26 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin ha
On Thu, 1 Feb 2024 00:23:26 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin ha
On Wed, 31 Jan 2024 15:08:09 GMT, Weijun Wang wrote:
> Great! The change looks good. Can you manage to add a test? Maybe try to load
> both store types. Make sure they have different contents and not empty (?).
Thank you. I have updated `java/security/KeyStore/CheckMacOSKeyChainTrust.java`
tes
On Wed, 31 Jan 2024 15:33:28 GMT, Weijun Wang wrote:
> Do you intend to call `addIdentitiesToKeystore` for both store types?
Yes, you are right. Thank you. We do not need private identities in the root
keystore. Updated
-
PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecom
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Thu, 25 Jan 2024 22:01:48 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Thu, 25 Jan 2024 22:01:48 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Wed, 24 Jan 2024 16:04:03 GMT, Weijun Wang wrote:
> Is it possible to reuse some some lines from `addCertificatesToKeystore`?
>
> BTW, I reviewed the CSR.
Hi @wangweij,
Thank you a lot for PR and CSR review. I have updated PR with review findings
and refactored addCertificatesToKeystore/add
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Wed, 24 Jan 2024 15:41:11 GMT, Weijun Wang wrote:
>> Alexey Bakhtin has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Add KeychainStore-ROOT keystore for root certificates
>
> src/java.base/macosx/classes/apple/security/AppleProvider.ja
On Thu, 4 Jan 2024 02:24:56 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin ha
On Thu, 4 Jan 2024 17:14:18 GMT, Alexey Bakhtin wrote:
> > What are the change for existing `addCertificatesToKeystore` for? Is there
> > any behavior change?
>
> Hi @wangweij . No behavior changes. Just reformatted to make it similar to
> addCertificatesToKeystoreRoot. Can be reverted back.
On Thu, 4 Jan 2024 02:24:56 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin ha
On Thu, 4 Jan 2024 16:56:36 GMT, Weijun Wang wrote:
> What are the change for existing `addCertificatesToKeystore` for? Is there
> any behavior change?
Hi @wangweij . No behavior changes. Just reformatted to make it similar to
addCertificatesToKeystoreRoot. Can be reverted back.
-
On Thu, 4 Jan 2024 02:24:56 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin ha
On Mon, 20 Nov 2023 13:49:33 GMT, Weijun Wang wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> How about putting t
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Fri, 1 Dec 2023 23:39:55 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin ha
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Sat, 18 Nov 2023 02:41:05 GMT, Alexey Bakhtin wrote:
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
How about putting these c
Please review the proposed fix.
The patch loads system root certificates from the MacOS Keychain with
TrustSettings.
It allows to build a trusted certificate path using the MacOS Keychain store
only.
-
Commit messages:
- 8320362: Load anchor certificates from Keychain keystore
Ch
51 matches
Mail list logo
