On Thu, 19 Feb 2026 16:25:45 GMT, Matthias Baesken <[email protected]> wrote:
> Seems there is a call to SecIdentityCopyPrivateKey where we miss calling > CFRelease in early returns/failure cases; same for SecIdentityCopyPrivateKey . > > See the Apple documentation > https://developer.apple.com/documentation/security/secidentitycopyprivatekey(_:_:) > > Also for > https://developer.apple.com/documentation/security/secidentitycopycertificate(_:_:) > > --------- > - [x] I confirm that I make this contribution in accordance with the [OpenJDK > Interim AI Policy](https://openjdk.org/legal/ai). Not sure about this CFRetain. Seems we call here the java method createTrustedCertEntry (with param `jlong nativeRef = ptr_to_jlong(certRef)`;) https://github.com/openjdk/jdk/blob/03b46a308ce944b515939db613f5250a5b84b844/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m#L463 and there we store the cert reference (`tce.certRef = keychainItemRef`;) https://github.com/openjdk/jdk/blob/03b46a308ce944b515939db613f5250a5b84b844/src/java.base/macosx/classes/apple/security/KeychainStore.java#L856 Where do you think we should change something in this coding? ------------- PR Comment: https://git.openjdk.org/jdk/pull/29821#issuecomment-4236729807
