-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
P5
-
None
-
Affects Version/s: 7
-
Component/s: security-libs
-
None
When jarsigner is called with the `-internalsf` option, a copy of the .SF file is put inside the signature block (.DSA) file, and the .SF file entry itself is ignored at verification. The .SF can be either missing or any other unrelated file.
On the other hand, `jarsigner -verify -verbose` still parses the .SF files and might print out warnings like "Unparsable signature-related file" or "Missing signature-related file". It should read the content inside the block file instead.
It may print out a warning when there is an .SF file but the content is not identical to the content inside the block file.
On the other hand, `jarsigner -verify -verbose` still parses the .SF files and might print out warnings like "Unparsable signature-related file" or "Missing signature-related file". It should read the content inside the block file instead.
It may print out a warning when there is an .SF file but the content is not identical to the content inside the block file.