jar verification regression Oracle 8u141
Bernd
ecki at zusammenkunft.net
Wed Jul 19 15:15:35 UTC 2017
Hello,
one more thing:
2017-07-19 14:01 GMT+02:00 Bernd <ecki at zusammenkunft.net>:
> I think different jarsigner versions behave differently, some remove that
> section.
>
It is actually not "different jarsigner versions", but we have our own jar
signer implementation (used for self signed test certificates in the build
pipeline). This implementation removes the whole name: section. When using
jarsigner.exe on our sign server on the other hand, it produces the named
section with no digest, which causes JWS to break,
Gruss
Bernd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20170719/e221ed25/attachment.htm>
More information about the security-dev
mailing list