Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8247418

Only validate the certificates trust if using the default key user name.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P3
    • 15
    • 15
    • tools
    • b28
    • os_x

    Backports

      Description

        When running SigningAppImageTest or SigningPackageTest, you can specify the signing-key-user name and signing-keychain by using system properties set in TEST_VM_OPS.
        The default key name ("jpackage.openjdk.java.net") refers to self-signing certificates that are required to be pre-trusted by the user.
        If a non-self-signed cert is used instead, It need not (and in fact cannot) be pre-trusted by the user.
        The code we have in SigningCheck.validateCertificateTrust() ensures by running security dump-trust-settings that the cert being used are trusted.
        This check should only be done when using the default key.

        Attachments

          Issue Links

            Activity

              People

                herrick Andy Herrick (Inactive)
                herrick Andy Herrick (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: