On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:
> After 8278449, we seem to ignore in the call
>
> `if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound)`
>
> all trusted certs from admin and system domains, so a lot more certs are ignored than necessary.
> Probably we should take at least the certs with trust settings from kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin and kSecTrustSettingsDomainSystem domains.

Maybe it's only that the testing machines are too clean and simply do not have any trusted settings. I tried `security dump-trust-settings -s` there and it shows all root CAs.

I've made a small change to the test and it will not fail when exit value is not 0.

-------------

PR: https://git.openjdk.org/jdk/pull/12829
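The difference between the user-domain-only check quoted above and a check over all three trust-settings domains, as an added example (not code from the PR or from the JDK). `has_trust_settings`, `trust_lookup_fn`, `admin_only_lookup`, `USER_ONLY` and `ALL_DOMAINS` are hypothetical names, and the non-macOS type and constant definitions are constructed stand-ins so the logic builds without the Security framework.

```c
#include <stddef.h>
#ifdef __APPLE__
#include <Security/Security.h>
#else
/* Constructed stand-ins so the logic builds off macOS (values as in the Security headers). */
typedef int OSStatus;
typedef const void *SecCertificateRef;
typedef const void *CFArrayRef;
typedef unsigned int SecTrustSettingsDomain;
enum { kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainSystem };
enum { errSecSuccess = 0, errSecItemNotFound = -25300 };
#define CFRelease(x) ((void)(x))
#endif

/* Same shape as SecTrustSettingsCopyTrustSettings, so the real call can be passed in. */
typedef OSStatus (*trust_lookup_fn)(SecCertificateRef, SecTrustSettingsDomain, CFArrayRef *);

/* Returns 1 if cert has trust settings in any of the n listed domains, else 0. */
static int has_trust_settings(SecCertificateRef cert, trust_lookup_fn lookup,
                              const SecTrustSettingsDomain *domains, size_t n) {
    for (size_t i = 0; i < n; i++) {
        CFArrayRef settings = NULL;
        OSStatus st = lookup(cert, domains[i], &settings);
        if (settings != NULL) CFRelease(settings);   /* the Copy call returns an owned array */
        if (st == errSecSuccess) return 1;
    }
    return 0;
}

static const SecTrustSettingsDomain USER_ONLY[] = { kSecTrustSettingsDomainUser };
static const SecTrustSettingsDomain ALL_DOMAINS[] = {
    kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainSystem };

/* Constructed mock: a certificate whose trust settings exist only in the admin domain. */
static OSStatus admin_only_lookup(SecCertificateRef c, SecTrustSettingsDomain d, CFArrayRef *out) {
    (void)c;
    *out = NULL;
    return d == kSecTrustSettingsDomainAdmin ? errSecSuccess : errSecItemNotFound;
}

int main(void) {
    /* Exit 0 when the user-only check misses the cert and the three-domain check finds it. */
    return !(has_trust_settings(NULL, admin_only_lookup, USER_ONLY, 1) == 0 &&
             has_trust_settings(NULL, admin_only_lookup, ALL_DOMAINS, 3) == 1);
}
```

On macOS, passing `SecTrustSettingsCopyTrustSettings` as the `lookup` argument runs the same loop against the real trust store.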