jar signature certificate key usage check incorrect


    • Type: Bug
    • Resolution: Fixed
    • Priority: P4
    • 6
    • Affects Version/s: 1.3.0
    • Component/s: security-libs
    • None
    • beta
    • generic
    • generic

      When verifying the signature of a jar file we check the signer
      certificate KeyUsage extension and require that the digitalSignature
      bit is set. This is incorrect as RFC2459 says we should recognize
      digitalSignature and/or the non-repudiation bit.

            Assignee:
            Weijun Wang
            Reporter:
            Jeffrey Nisewanger (Inactive)
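
The two checks described in the report, side by side, as an added example (not the JDK's own code): `strictCheck` models the reported behaviour and `relaxedCheck` the one the report says RFC 2459 calls for. The class and method names are hypothetical, and accepting a certificate that carries no KeyUsage extension is an assumption of this example.

```java
import java.security.cert.X509Certificate;

public class JarSignerKeyUsage {
    // Positions in the boolean[] returned by X509Certificate.getKeyUsage()
    static final int DIGITAL_SIGNATURE = 0;
    static final int NON_REPUDIATION = 1;

    // True only if the array is long enough and the bit at position i is set.
    static boolean bit(boolean[] keyUsage, int i) {
        return keyUsage != null && i < keyUsage.length && keyUsage[i];
    }

    // Reported behaviour: the signer certificate must assert digitalSignature.
    static boolean strictCheck(boolean[] keyUsage) {
        if (keyUsage == null) return true; // assumption: no extension, no restriction
        return bit(keyUsage, DIGITAL_SIGNATURE);
    }

    // Requested behaviour: digitalSignature and/or nonRepudiation is enough.
    static boolean relaxedCheck(boolean[] keyUsage) {
        if (keyUsage == null) return true; // assumption: no extension, no restriction
        return bit(keyUsage, DIGITAL_SIGNATURE) || bit(keyUsage, NON_REPUDIATION);
    }

    // Hypothetical entry point for a real signer certificate.
    static boolean acceptableSigner(X509Certificate cert) {
        return relaxedCheck(cert.getKeyUsage());
    }

    public static void main(String[] args) {
        // Constructed KeyUsage values (index 2 is keyEncipherment);
        // null stands for a certificate without the extension.
        String[] labels = {"digitalSignature only", "nonRepudiation only",
                           "both bits", "keyEncipherment only", "no KeyUsage extension"};
        boolean[][] samples = {
            {true, false, false},
            {false, true, false},
            {true, true, false},
            {false, false, true},
            null
        };
        for (int i = 0; i < samples.length; i++) {
            System.out.printf("%-24s strict=%-5b relaxed=%b%n",
                    labels[i], strictCheck(samples[i]), relaxedCheck(samples[i]));
        }
    }
}
```

The "nonRepudiation only" row is the case the report is about: the two checks disagree there and nowhere else in the sample set.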