Austin Stephens created NETBEANS-5005:
-----------------------------------------
Summary: There is no KeyStoreProvider for built in trusted
certificates
Key: NETBEANS-5005
URL: https://issues.apache.org/jira/browse/NETBEANS-5005
Project: NetBeans
Issue Type: Bug
Components: platform - Autoupdate
Affects Versions: 12.0, Next, 12.1, 12.2, 12.3
Environment: All
Reporter: Austin Stephens
Java has a keystore that it uses to verify signatures when it loads classes
(last I checked) as well for other things. This keystore is not considered when
checking signatures on nbm files and updates. This results in a properly signed
jar with a well known certificate root appearing as self signed when doing an
update. This is rather troubling if one was releasing a platform application
and was expecting the auto-update logic to consider such things as properly
signed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org
For additional commands, e-mail: commits-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
