On Fri, 5 May 2023 21:39:13 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
>> line 2031:
>>
>>> 2029: cert.getSubjectX500Principal() + "]");
>>> 2030: }
>>> 2031: } else {
>>
>> If `destroyIt` is false for the 1st cert, are you going to return false?
>> Maybe it does not matter.
>
> Hmm, I think the rest of chain should still be checked and removed if no
> dependents for them.
Of course, I was only talking about the final return value.
And, I take back my words. This method should return true no matter what
`destroyIt` is. The return value is only used in `deleteEntry` and it should be
true even if the.cert is used elsewhere.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13743#discussion_r1186547307
