-
Bug
-
Resolution: Fixed
-
P4
-
1.3.0
-
None
-
beta
-
generic
-
generic
When verifying the signature of a jar file we check the signer
certificate KeyUsage extension and require that the digitalSignature
bit is set. This is incorrect as RFC2459 says we should recognize
digitalSignature and/or the non-repudiation bit.
certificate KeyUsage extension and require that the digitalSignature
bit is set. This is incorrect as RFC2459 says we should recognize
digitalSignature and/or the non-repudiation bit.