Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8247418

Only validate the certificates trust if using the default key user name.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 15
    • Fix Version/s: 15
    • Component/s: tools
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b28
    • OS:
      os_x

      Backports

        Description

        When running SigningAppImageTest or SigningPackageTest, you can specify the signing-key-user name and signing-keychain by using system properties set in TEST_VM_OPS.
        The default key name ("jpackage.openjdk.java.net") refers to self-signing certificates that are required to be pre-trusted by the user.
        If a non-self-signed cert is used instead, It need not (and in fact cannot) be pre-trusted by the user.
        The code we have in SigningCheck.validateCertificateTrust() ensures by running security dump-trust-settings that the cert being used are trusted.
        This check should only be done when using the default key.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  herrick Andy Herrick
                  Reporter:
                  herrick Andy Herrick
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: