RFR 8036709: Java 7 jarsigner displays warning about cert policy tree

Sean Mullan sean.mullan at oracle.com
Thu May 22 18:15:42 UTC 2014


Hi Max,

Did you consider using a CertPathBuilder instead? This should 
essentially do the same thing (find a matching trust anchor, and build a 
validated path).

--Sean

On 05/21/2014 08:20 PM, Wang Weijun wrote:
> Hi All
>
> Please review the code change at
>
>     http://cr.openjdk.java.net/~weijun/8036709/webrev.01/
>
> Before this change, jarsigner simply put a cert chain into a CertPath and validate it. If the CertPath contains a trust anchor inside, the validation could fail even if it should not. This fix searches for a trust anchor in the cert chain, if truncate at the position if one is found. If the first certificate is already a trust anchor, we don't do validation at all.
>
> Thanks
> Max
>



More information about the security-dev mailing list