On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain > removal? > > The proposed fix will not remove the cert if it has a corresponding private > key or is an issuer of other entities in the same keystore. > > Thanks, > Valerie test/jdk/sun/security/pkcs11/KeyStore/CertChainRemoval.java line 176: > 174: > 175: // should only have "pk1" now > 176: checkEntry(ks, "pk1", pk1Chain); When the kesytore should only have "pk1” now, how would checkEntry(ks, "pk1", pk1Chain) succeed as it expects to have the “ca.cert” in the pk1Chain? The “ca.cert” shall not be deleted because “pk1.cert” depends on it. I may have missed something here. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13743#discussion_r1183111954
