RFR 8180289: jarsigner treats timestamped signed jar invalid after the signer cert expires

Weijun Wang weijun.wang at oracle.com
Thu Oct 19 07:11:14 UTC 2017


Please review the fix at

  http://cr.openjdk.java.net/~weijun/8180289/webrev.00/

The code change contains:

- Fix the bug by passing the timestamp to Validator::validate.

- CertPath validation on timestamp signer cert and related warning messages

- Output change: "chain not validated" -> "invalid chain". Otherwise it looks jarsigner has not validated them.

Thanks
Max




More information about the security-dev mailing list