-
Bug
-
Resolution: Fixed
-
P3
-
solaris_10, 7
-
b55
-
generic, sparc
-
generic, solaris_10
Jarsigner needs enhanced certificate validation
(options) to make it more useful AND documentation
needs to be more clear on exactly what "jar verified"
means to the customer.
While the encrypted content is verified, the source
(certificate) of the content is not, which may lead
the user into a false sense of security if he/she
does NOT clearly understand the meaning of "verified".
IF the user does try to use the options provided to
accurately qualify the verification of the jarfile
certs, he/she has to slog through the output scanning
for key flags. If a user has 1000s of files this
can be very cumbersome and may lead to the user either
making mistakes or not checking the certs properly or
at all given the difficulty in doing so. The utility
should provide the user an easier way to check for this.
- duplicates
-
JDK-6594047 jarsigner cannot use external certchain
- Closed
-
JDK-6802183 more concise output for jarsigner
- Closed
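
The manual scan for key flags that the report describes can be automated. The following is an added example, not code from the bug report or the JDK: it parses `jarsigner -verify -verbose -certs` output and separates "signature intact" from "signer found in the keystore". The function names are hypothetical, and the output layout is assumed from the documented format; the sample text is constructed.

```python
import re
import subprocess

# Flag column (s, m, k, i), size, date, entry name. Layout assumed from the
# documented `jarsigner -verify -verbose` output; it can vary by JDK release.
ENTRY = re.compile(r"^\s*([smki]*)\s+(\d+)\s+\w{3} \w{3} +\d{1,2} [\d:]+ \S+ \d{4} (.+)$")
# Signature bookkeeping files are never covered by the signature themselves.
SIG_FILE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|DSA|RSA|EC))$", re.I)

def audit(output):
    """Classify one jar from its verbose verification output."""
    unsigned, untrusted = [], []
    for line in output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # certificate lines, flag legend, summary line
        flags, name = m.group(1), m.group(3)
        if name.endswith("/") or SIG_FILE.match(name):
            continue
        if "s" not in flags:
            unsigned.append(name)    # content not covered by a signature
        elif "k" not in flags:
            untrusted.append(name)   # signed, but signer not in the keystore
    status = ("NOT_VERIFIED" if "jar verified." not in output else
              "UNSIGNED_ENTRIES" if unsigned else
              "SIGNER_NOT_IN_KEYSTORE" if untrusted else "TRUSTED_SIGNER")
    return status, unsigned, untrusted

def audit_jar(path, keystore):
    """Run jarsigner on a real jar (needs a JDK on PATH)."""
    cmd = ["jarsigner", "-verify", "-verbose", "-certs", "-keystore", keystore, path]
    return audit(subprocess.run(cmd, capture_output=True, text=True).stdout)

# Constructed sample output: intact signature, signer absent from the keystore.
SAMPLE = """\
         198 Fri Sep 26 16:14:06 PDT 1997 META-INF/MANIFEST.MF
         199 Fri Sep 26 16:22:10 PDT 1997 META-INF/SIGNER.SF
        1013 Fri Sep 26 16:22:10 PDT 1997 META-INF/SIGNER.DSA
sm      2752 Fri Sep 26 16:12:30 PDT 1997 app/Main.class
      X.509, CN=Example Signer, OU=Example, O=Example, C=US
sm       849 Fri Sep 26 16:12:46 PDT 1997 app/Util.class
  s = signature was verified
  k = at least one certificate was found in keystore
jar verified.
"""
```

For the sample, `audit(SAMPLE)` reports `SIGNER_NOT_IN_KEYSTORE` even though the output ends in "jar verified.", which is the gap the report describes.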