|
Quick Lists
|
|
Bug ID:
|
6802846
|
|
Votes
|
0
|
|
Synopsis
|
jarsigner needs enhanced cert validation(options)
|
|
Category
|
java:classes_security
|
|
Reported Against
|
|
|
Release Fixed
|
7(b55)
|
|
State
|
10-Fix Delivered,
bug
|
|
Priority:
|
3-Medium
|
|
Related Bugs
|
6594047
,
6802183
|
|
Submit Date
|
09-FEB-2009
|
|
Description
|
Jarsigner needs enhanced certificate validation
(options) to make it more usefull AND documentation
needs to be more clear on exactly what "jar verified"
means to the customer.
While the encrypted content is verified, the source
(certificate) of the content is not, which may lead
the user into a false sense of security if he/she
does NOT clearly understand the meaning of "verified".
IF the user does try to use the options provided to
accurately qualify the verification of the jarfile
certs, he/she has to slog through the output scanning
for key flags. If a user has 1000s of files this
can be very cumbersome and may lead to the user either
making mistakes or not checking the certs properly or
at all given the difficulty in doing so. The utility
should provide the user an easier way to check for this.
Posted Date : 2009-02-09 09:59:41.0
|
|
Work Around
|
N/A
|
|
Evaluation
|
Updates:
1. -verbose:suboptions
2. -strict
3. -verify jarfile aliases...
Posted Date : 2009-03-27 03:27:08.0
http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b752110df530
Posted Date : 2009-03-27 03:27:08.0
|
|
Comments
|
PLEASE NOTE: JDK6 is formerly known as Project Mustang
|
|
|
|
