JDK-8172529 : Use PKIXValidator in jarsigner
  • Type: Bug
  • Component: security-libs
  • Sub-Component: jdk.security
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2017-01-11
  • Updated: 2018-11-14
  • Resolved: 2017-01-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10 JDK 7 JDK 8 JDK 9 Other
10Fixed 7u211Fixed 8u191Fixed 9 b154Fixed openjdk7uFixed
Related Reports
Relates :  
PKIXValidator is able to detect cross-signed certificates inside a cert chain so that the shortest path is used in validation. It is also used by Java Plug-in to determine if a signed jar can be trusted. Jarsigner should also use the same method is that the output is consistent.
Change priority from P4 to P3 because this bug is important for the weak crypto roadmap. We want jarsigner and Plugin/WebStart to return consistent results.