| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8247511 | 16 | Andy Herrick | P3 | Resolved | Fixed | b02 |
| JDK-8249429 | 15.0.1 | Unassigned | P3 | Resolved | Fixed | b01 |
When running SigningAppImageTest or SigningPackageTest, you can specify the signing-key-user name and signing-keychain by using system properties set in TEST_VM_OPS.
The default key name ("jpackage.openjdk.java.net") refers to self-signing certificates that are required to be pre-trusted by the user.
If a non-self-signed cert is used instead, It need not (and in fact cannot) be pre-trusted by the user.
The code we have in SigningCheck.validateCertificateTrust() ensures by running security dump-trust-settings that the cert being used are trusted.
This check should only be done when using the default key.
The default key name ("jpackage.openjdk.java.net") refers to self-signing certificates that are required to be pre-trusted by the user.
If a non-self-signed cert is used instead, It need not (and in fact cannot) be pre-trusted by the user.
The code we have in SigningCheck.validateCertificateTrust() ensures by running security dump-trust-settings that the cert being used are trusted.
This check should only be done when using the default key.
- backported by
-
JDK-8247511 Only validate the certificates trust if using the default key user name.
-
- Resolved
-
-
-
- Resolved
-