[icedtea-web] RFC: Patch to fix signature verification on OpenJDK7

Deepak Bhole dbhole at redhat.com
Wed Aug 3 11:03:57 PDT 2011


* Dr Andrew John Hughes <ahughes at redhat.com> [2011-08-03 13:55]:
> On 13:45 Wed 03 Aug     , Deepak Bhole wrote:
> > Hi,
> > 
> > OpenJDK7 reports MANIFEST.MF as a signed entry even when it is not. This
> > causes the signature verification code in icedtea-web to throw an error
> > as it is not expecting MANIFEST.MF to be signed.
> > 
> > Attached patch makes it so that entries with signature are tracked iff
> > the entry is expected to be signed. This ensures that icedtea-web will
> > work with 6 and 7.
> > 
> > Okay for HEAD and backport to 1.1/1.0?
> > 
> > ChangeLog:
> > 
> > 2011-08-03  Deepak Bhole <dbhole at redhat.com>
> > 
> >     * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): Put
> > 	entry in cert hashtable only if the entry is expected to be signed.
> > 
> > Thanks,
> > Deepak
> 
> Do you think this is a bug in 7? Or the right behaviour?
> 

The change was on purpose. This message has an explanation of why:
http://mail.openjdk.java.net/pipermail/security-dev/2010-December/002460.html

Cheers,
Deepak

> -- 
> Andrew :)
> 
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
> 
> Support Free Java!
> Contribute to GNU Classpath and IcedTea
> http://www.gnu.org/software/classpath
> http://icedtea.classpath.org
> PGP Key: F5862A37 (https://keys.indymedia.org/)
> Fingerprint = EA30 D855 D50F 90CD F54D  0698 0713 C3ED F586 2A37
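
The check described in the message, sketched as an added example (this is not the attached patch or icedtea-web's own code): certificates are recorded only for entries that are expected to be signed, so a JDK that reports signers for MANIFEST.MF does not change the result. The names `SignedEntryTracker`, `expectedToBeSigned` and `collect` are hypothetical, and the list of META-INF names treated as exempt is an assumption.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class SignedEntryTracker {

    // Assumption: directories, the manifest and the signature files directly
    // under META-INF/ are the entries never expected to carry a signature.
    static boolean expectedToBeSigned(JarEntry e) {
        if (e.isDirectory()) return false;
        String n = e.getName().toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/")) return true;
        String base = n.substring("META-INF/".length());
        if (base.indexOf('/') != -1) return true; // nested content, treated as ordinary
        return !(base.equals("MANIFEST.MF") || base.endsWith(".SF")
                || base.endsWith(".DSA") || base.endsWith(".RSA")
                || base.endsWith(".EC") || base.startsWith("SIG-"));
    }

    // Returns entry name -> certificates, ignoring signers reported for exempt entries.
    static Map<String, Certificate[]> collect(JarFile jar) throws IOException {
        Map<String, Certificate[]> certs = new HashMap<>();
        byte[] buf = new byte[8192];
        for (JarEntry e : Collections.list(jar.entries())) {
            try (InputStream in = jar.getInputStream(e)) {
                // Reading to the end triggers digest verification;
                // a mismatch surfaces as a SecurityException.
                while (in.read(buf) != -1) { }
            }
            Certificate[] c = e.getCertificates(); // populated only after a full read
            if (c != null && expectedToBeSigned(e)) {
                certs.put(e.getName(), c);
            }
        }
        return certs;
    }

    public static void main(String[] args) throws IOException {
        try (JarFile jar = new JarFile(args[0], true)) { // true = verify signatures
            collect(jar).forEach((n, c) -> System.out.println(n + " signers=" + c.length));
        }
    }
}
```

Entries that are expected to be signed but come back with no certificates are simply absent from the map; a caller comparing the map against the full entry list can treat those as unsigned.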


