[icedtea-web] RFC: Patch to fix signature verification on OpenJDK7
Deepak Bhole
dbhole at redhat.com
Wed Aug 3 10:45:32 PDT 2011
Hi,
OpenJDK7 reports MANIFEST.MF as a signed entry even when it is not. This
causes the signature verification code in icedtea-web to throw an error
as it is not expecting MANIFEST.MF to be signed.
Attached patch makes it so that entries with signature are tracked iff
the entry is expected to be signed. This ensures that icedtea-web will
work with 6 and 7.
Okay for HEAD and backport to 1.1/1.0?
ChangeLog:
2011-08-03 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): Put
entry in cert hashtable only if the entry is expected to be signed.
Thanks,
Deepak
-------------- next part --------------
diff -r 7668bf410571 netx/net/sourceforge/jnlp/tools/JarSigner.java
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Tue Aug 02 11:05:47 2011 +0200
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Wed Aug 03 13:39:31 2011 -0400
@@ -284,7 +284,7 @@
if (shouldHaveSignature)
totalSignableEntries++;
- if (isSigned) {
+ if (shouldHaveSignature && isSigned) {
for (int i = 0; i < signers.length; i++) {
CertPath certPath = signers[i].getSignerCertPath();
if (!certs.containsKey(certPath))
More information about the distro-pkg-dev
mailing list