On Mon, 20 Nov 2023 13:49:33 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Please review the proposed fix. >> >> The patch loads system root certificates from the MacOS Keychain with >> TrustSettings. >> It allows to build a trusted certificate path using the MacOS Keychain store >> only. > > How about putting these certs into a different keystore like Windows does > (there are `Windows-MY` and `Windows-ROOT` there)? Anyway, there needs a CSR > and release note for this big change. As suggested by @wangweij, the new Keychain-ROOT keystore is introduced for the trusted anchor certificates. The Keychain-ROOT keystore is read-only and throws KeyStoreException in an attempt to modification ------------- PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecomment-1876218683
