-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: None
-
Component/s: security-libs
-
None
-
b40
-
os_x
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8084204 | emb-9 | Vincent Ryan | P4 | Resolved | Fixed | team |
This is a bug reported on http://mail.openjdk.java.net/pipermail/macosx-port-dev/2014-June/006642.html. Attachment sent in a separate mail.
There is a bug in the native KeystoreImpl that it only searches for identities that have a key usage of “Any” using CSSM_KEYUSE_ANY instead of passing `0` to the SecIdentitySearchCreate keychain function. Refer to line 282 in [1]. This will exclude all identities that have a specific key usage set such as “Encrypt, Verify, Wrap, Derive”.
[1] http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/macosx/native/apple/security/KeystoreImpl.m
I have also found issues with instances of KeyEntry that have an empty array for the “chain” property causing index out of bounds exceptions. See attached patch.
There is a bug in the native KeystoreImpl that it only searches for identities that have a key usage of “Any” using CSSM_KEYUSE_ANY instead of passing `0` to the SecIdentitySearchCreate keychain function. Refer to line 282 in [1]. This will exclude all identities that have a specific key usage set such as “Encrypt, Verify, Wrap, Derive”.
[1] http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/macosx/native/apple/security/KeystoreImpl.m
I have also found issues with instances of KeyEntry that have an empty array for the “chain” property causing index out of bounds exceptions. See attached patch.
- backported by
-
JDK-8084204 apple.security.KeychainStore has a problem searching for identities
-
- Resolved
-