RFR 8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
Wang Weijun
weijun.wang at oracle.com
Tue Jul 8 14:37:03 UTC 2014
Please review the jdk7u-only code change at
http://cr.openjdk.java.net/~weijun/8049480/webrev.00/
The reason is that the jdk7u version [1] of fix for JDK-8049480 is just a hack and not as powerful as its jdk8 sibling [2] and now I'll have to apply the jdk7u jar signature "hack" to timestamp signature again.
I did a find usage on Algorithm.getName() and other cases are not impacted by the name difference.
Thanks
Max
[1] http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c399756623cb
[2] http://hg.openjdk.java.net/jdk9/dev/jdk/rev/5dc3f32c0d26
More information about the security-dev
mailing list