[9] RFR: 8168882: keytool doesn't print certificate info if disabled algorithm was used for signing a jar

Wang Weijun weijun.wang at oracle.com
Thu Nov 3 14:27:53 UTC 2016


I agree with Sean.

--Max

> On Nov 3, 2016, at 10:00 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> You should only unset the jdk.jar.disabledAlgorithms property if a jarfile has been specified.
> 
> Also, you are printing the warning message for all usages of the -printcert option, -ssl, etc, which is not correct.
> 
> But I don't really think the warning message is necessary. The docs for the -printcert option are pretty clear that it simply extracts the certificate and prints it. If we are going to put a warning in for signed JARs, then arguably we should put in a more general, simple warning for all usages of this option to say that the certificate, etc. is not verified, ex:
> 
> "WARNING: The -printcert option does not verify the certificate."
> 
> But again, I don't think this is strictly necessary.
> 
> Thanks,
> Sean



