jar verification regression Oracle 8u141

Bernd ecki at zusammenkunft.net
Wed Jul 19 15:15:35 UTC 2017


Hello,

one more thing:

2017-07-19 14:01 GMT+02:00 Bernd <ecki at zusammenkunft.net>:

> I think different jarsigner versions behave differently, some remove that
> section.
>

It is actually not "different jarsigner versions", but we have our own jar
signer implementation (used for self signed test certificates in the build
pipeline). This implementation removes the whole name: section. When using
jarsigner.exe on our sign server on the other hand, it produces the named
section with no digest, which causes JWS to break,

Gruss
Bernd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20170719/e221ed25/attachment-0001.html>


More information about the security-dev mailing list