Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8247418

Only validate the certificates trust if using the default key user name.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 15
    • Fix Version/s: 15
    • Component/s: tools
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b28
    • OS:
      os_x

      Backports

        Description

        When running SigningAppImageTest or SigningPackageTest, you can specify the signing-key-user name and signing-keychain by using system properties set in TEST_VM_OPS.
        The default key name ("jpackage.openjdk.java.net") refers to self-signing certificates that are required to be pre-trusted by the user.
        If a non-self-signed cert is used instead, It need not (and in fact cannot) be pre-trusted by the user.
        The code we have in SigningCheck.validateCertificateTrust() ensures by running security dump-trust-settings that the cert being used are trusted.
        This check should only be done when using the default key.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                herrick Andy Herrick
                Reporter:
                herrick Andy Herrick
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: