On Fri, 3 Jan 2025 16:29:57 GMT, Tim Jacomb <d...@openjdk.org> wrote:
>> Ok this isn't working properly 😢 >> >> 1. ⛔ Fails: Marking the certificate as OS default (which for CA certs is >> trust: false) - with an intermediate >> 2. ⛔ Fails: Marking the certificate as OS default without an intermediate >> 3. ⛔ Fails: Removing the root but leaving the intermediate >> >> Case 2 succeeds on Java 23 > > Interesting for root certificate `SecTrustSettingsCopyTrustSettings` returns: > > * -25300 (not found) when trust policy is `Use System Defaults` > * 0 and a `kSecTrustSettingsResult` value of 3 when set to Never Trust > * 0 and a `kSecTrustSettingsResult` value of 1 when set to Always Trust With https://github.com/openjdk/jdk/pull/22911/commits/5102dade13f44dedd887920c407158e7d189947b Case 2. works again. (i.e. the basic case which previously worked with a self-signed root and no intermediate) Case 1 and 3 are still failing, I'll have a think on Monday but may need a pointer ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22911#discussion_r1901977595
