On Thu, 19 Feb 2026 16:25:45 GMT, Matthias Baesken <[email protected]> wrote:
> Seems there is a call to SecIdentityCopyPrivateKey where we miss calling > CFRelease in early returns/failure cases; same for SecIdentityCopyPrivateKey . > > See the Apple documentation > https://developer.apple.com/documentation/security/secidentitycopyprivatekey(_:_:) > > Also for > https://developer.apple.com/documentation/security/secidentitycopycertificate(_:_:) Btw. looking at https://github.com/openjdk/jdk/commit/0f1b96a50a3a79fd699bf34121df8451ffa37b8f maybe we should remove those added `CFRelease(certChain)` calls if (certChain != NULL) { **CFRelease(certChain);** certChain = NULL; } } } while (searchResult == noErr); errOut: if (identitySearch != NULL) { CFRelease(identitySearch); } if (certChain != NULL) { **CFRelease(certChain);** } because they seem to be transferred too to the the Java side of the coding ? (unfortunately the Java/native coupling in this code it a little bit complicated ) ------------- PR Comment: https://git.openjdk.org/jdk/pull/29821#issuecomment-4236388578
