openjdk · timja · Jan 3, 2025 · Jan 3, 2025 · Jan 6, 2025 · Jan 6, 2025
diff --git a/src/java.base/macosx/classes/apple/security/KeychainStore.java b/src/java.base/macosx/classes/apple/security/KeychainStore.java
@@ -878,15 +878,8 @@ private void createTrustedCertEntry(String alias, List<String> inputTrust,
             }
 
             if (tce.trustSettings.isEmpty()) {
-                if (isSelfSigned) {
-                    // If a self-signed certificate has trust settings without specific entries,
-                    // trust it for all purposes
-                    tce.trustedKeyUsageValue = KnownOIDs.anyExtendedKeyUsage.value();
-                } else {
-                    // Otherwise, return immediately. The certificate is not
-                    // added into entries.
-                    return;
-                }
+               // If there is no trust settings then trust the certificate
+               tce.trustedKeyUsageValue = KnownOIDs.anyExtendedKeyUsage.value();
             } else {
                 List<String> values = new ArrayList<>();
                 for (var oneTrust : tce.trustSettings) {

diff --git a/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m b/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m
@@ -411,15 +411,16 @@ static bool loadTrustSettings(JNIEnv *env,
                               jmethodID jm_listAdd,
                               jobject *inputTrust) {
     CFArrayRef trustSettings;
-    // Load trustSettings into inputTrust
-    if (SecTrustSettingsCopyTrustSettings(certRef, domain, &trustSettings) == errSecSuccess && trustSettings != NULL) {
+    if (*inputTrust == NULL) {
+        *inputTrust = (*env)->NewObject(env, jc_arrayListClass, jm_arrayListCons);
         if (*inputTrust == NULL) {
-            *inputTrust = (*env)->NewObject(env, jc_arrayListClass, jm_arrayListCons);
-            if (*inputTrust == NULL) {
-                CFRelease(trustSettings);
-                return false;
-            }
+            CFRelease(trustSettings);
+            return false;
         }
+    }
+
+    // Load trustSettings into inputTrust
+    if (SecTrustSettingsCopyTrustSettings(certRef, domain, &trustSettings) == errSecSuccess && trustSettings != NULL) {
         addTrustSettingsToInputTrust(env, jm_listAdd, trustSettings, *inputTrust);
         CFRelease(trustSettings);
     }
@@ -492,11 +493,6 @@ static void addCertificatesToKeystore(JNIEnv *env, jobject keyStore,
                 goto errOut;
             }
 
-            // Only add certificates with trust settings
-            if (inputTrust == NULL) {
-                continue;
-            }
-
             // Create java object for certificate with trust settings
             if (!createTrustedCertEntry(env, keyStore, certRef, jm_createTrustedCertEntry, inputTrust)) {
                 goto errOut;