RFR 8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
Wang Weijun
weijun.wang at oracle.com
Wed Jul 9 04:37:46 UTC 2014
On Jul 8, 2014, at 23:15, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> Looks fine to me.
>
> It would be nice to extend AlgorithmId.getStandardDigestName() to
> AlgorithmId.getStandardName() in the future.
The JDK8 version of fix for 7180907 already had AlgorithmId.getName() returning the standard one.
--Max
>
> Xuelei
>
> On 7/8/2014 10:37 PM, Wang Weijun wrote:
>> Please review the jdk7u-only code change at
>>
>> http://cr.openjdk.java.net/~weijun/8049480/webrev.00/
>>
>> The reason is that the jdk7u version [1] of fix for JDK-7180907 is just a hack and not as powerful as its jdk8 sibling [2] and now I'll have to apply the jdk7u jar signature "hack" to timestamp signature again.
>>
>> I did a find usage on Algorithm.getName() and other cases are not impacted by the name difference.
>>
>> Thanks
>> Max
>>
>> [1] http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c399756623cb
>> [2] http://hg.openjdk.java.net/jdk9/dev/jdk/rev/5dc3f32c0d26
>>
>
More information about the security-dev
mailing list