Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8245151

jarsigner should not raise duplicate warnings on verification

XMLWordPrintable

    • b20
    • 15
    • b24
    • Verified

        1. Signed a jar with options "-digestalg SHA-1" and "-tsadigestalg SHA-1", the output contained the blow lines,
        ...
        jar signed.

        Warning:
        The SHA-1 algorithm specified for the -digestalg option is considered a security risk. This algorithm will be disabled in a future update.
        The SHA-1 algorithm specified for the -tsadigestalg option is considered a security risk. This algorithm will be disabled in a future update.
        ...

        2. Verified the signed jar, two duplicate warnings were raised about SHA-1, like the below,
        ...
        jar verified.

        Warning:
        The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
        The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
        ...

              hchao Haimay Chao
              jjiang John Jiang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: