Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates #73

Closed

Conversation

RealCLanger
Copy link
Contributor

@RealCLanger RealCLanger commented Jun 7, 2023

Hi all,

This pull request contains a backport of JDK-8303465, commit ac41c030 from the openjdk/jdk repository.

This is an improvement for the handling of certificates from the MacOSX keychain which regressed since the April 2022 CPU update (11.0.15) and does not show all appropriate certificates that it should do. The fix was just recently submitted in head and came too late for the regular dev cycle for 11.0.20. However, I would ask to include it now in rampdown, since we have an open customer issue that it would solve. Since our customer is consuming the JDK via Eclipse/Adoptium, it would also not suffice to cherry-pick it into the SapMachine build only, so that's why my request is to take it into 11.0.20.

The backport applied nearly clean, I only had to adapt some Java code due to lacking instanceof features in 11.

It involves a CSR but the original CSR has been approved for all relevant backport releases.

Thanks
Christoph


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change requires CSR request JDK-8308690 to be approved

Issues

  • JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates (Bug - P3)
  • JDK-8308690: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates (CSR)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u.git pull/73/head:pull/73
$ git checkout pull/73

Update a local copy of the PR:
$ git checkout pull/73
$ git pull https://git.openjdk.org/jdk11u.git pull/73/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 73

View PR using the GUI difftool:
$ git pr show -t 73

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u/pull/73.diff

Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Jun 7, 2023

👋 Welcome back clanger! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot changed the title Backport ac41c030030c3d31815474c793ac9c420c47e22c 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates Jun 7, 2023
@openjdk
Copy link

openjdk bot commented Jun 7, 2023

This backport pull request has now been updated with issue from the original commit.

@openjdk
Copy link

openjdk bot commented Jun 7, 2023

@RealCLanger This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

Reviewed-by: mbaesken

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 1 new commit pushed to the master branch:

  • 1660788: 8304291: [AIX] Broken build after JDK-8301998

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added ready Pull request is ready to be integrated rfr Pull request is ready for review labels Jun 7, 2023
@mlbridge
Copy link

mlbridge bot commented Jun 7, 2023

Webrevs

@openjdk openjdk bot removed clean ready Pull request is ready to be integrated labels Jun 8, 2023
Copy link
Member

@MBaesken MBaesken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Jun 12, 2023
@RealCLanger
Copy link
Contributor Author

JBS approval received

/integrate

@openjdk
Copy link

openjdk bot commented Jun 14, 2023

Going to push as commit d286dde.
Since your change was applied there have been 2 commits pushed to the master branch:

  • 0770b1f: 8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently
  • 1660788: 8304291: [AIX] Broken build after JDK-8301998

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Jun 14, 2023
@openjdk openjdk bot closed this Jun 14, 2023
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Jun 14, 2023
@openjdk
Copy link

openjdk bot commented Jun 14, 2023

@RealCLanger Pushed as commit d286dde.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport integrated Pull request has been integrated
2 participants