-
Type:
Enhancement
-
Resolution: Not an Issue
-
Priority:
P3
-
None
-
Affects Version/s: None
-
Component/s: security-libs
We should consider changing the behavior for signed JARs that are timestamped and which the jar signature is valid but the timestamp is not parseable or uses an unsupported or weak algorithm. Currently, it appears that these JARs are treated as completely unsigned. However, it really should be treated as signed but without a timestamp.
- relates to
-
JDK-8180289 jarsigner treats timestamped signed jar invalid after the signer cert expires
-
- Closed
-