JDK-6355119 : Non-codeSigning certificates shouldn't be used for signing jars
- Type: Enhancement
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 6
- Priority: P4
- Status: Resolved
- Resolution: Fixed
- OS: solaris_10
- CPU: sparc
- Submitted: 2005-11-24
- Updated: 2010-11-04
- Resolved: 2005-12-17
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 6 |
|---|
6 b65Fixed  |
Related Reports
|
Relates :
|
Description
A certificate has its special usages, which is marked by the KeyUsage, ExtendedKeyUsage or NetscapeCertType extensions inside it. When its usage is not specified for code signing (say, SSL server authentication), it shouldn't be used to sign a jar file. Therefore, jarsigner should print out a warning when such a certificate is used.
Comments
|