On Thu, 13 Jan 2022 21:57:57 GMT, Sean Mullan wrote:
>> If a JAR is signed with multiple digest algorithms and one of the digest
>> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
>> returning null indicating that the jar entry has no signers.
>>
>> This fixes the
On Thu, 13 Jan 2022 21:57:57 GMT, Sean Mullan wrote:
>> If a JAR is signed with multiple digest algorithms and one of the digest
>> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
>> returning null indicating that the jar entry has no signers.
>>
>> This fixes the
On Thu, 13 Jan 2022 21:54:17 GMT, Weijun Wang wrote:
>> The algorithm constraints check will be skipped (because `permittedAlgs`
>> will be `null`) but the hash check will not be skipped.
>>
>> I don't think `null` would be returned in a normal case. The only case I can
>> think of is if
On Thu, 13 Jan 2022 19:54:44 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
>> line 211:
>>
>>> 209: }
>>> 210:
>>> 211: CodeSigner[] entrySigners = sigFileSigners.get(name);
>>
>> What if we return here if `entrySigners ==
> If a JAR is signed with multiple digest algorithms and one of the digest
> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
> returning null indicating that the jar entry has no signers.
>
> This fixes the issue such that an entry is considered signed if at least one
On Thu, 13 Jan 2022 16:55:08 GMT, Weijun Wang wrote:
>> If a JAR is signed with multiple digest algorithms and one of the digest
>> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
>> returning null indicating that the jar entry has no signers.
>>
>> This fixes the
On Wed, 12 Jan 2022 21:57:22 GMT, Sean Mullan wrote:
> If a JAR is signed with multiple digest algorithms and one of the digest
> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
> returning null indicating that the jar entry has no signers.
>
> This fixes the issue
On Thu, 13 Jan 2022 13:56:14 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
>> line 212:
>>
>>> 210:
>>> 211: CodeSigner[] entrySigners = sigFileSigners.get(name);
>>> 212: Map permittedAlgs =
>>
>> maybe
On Wed, 12 Jan 2022 21:57:22 GMT, Sean Mullan wrote:
> If a JAR is signed with multiple digest algorithms and one of the digest
> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
> returning null indicating that the jar entry has no signers.
>
> This fixes the issue
On Thu, 13 Jan 2022 12:33:53 GMT, Sean Coffey wrote:
>> If a JAR is signed with multiple digest algorithms and one of the digest
>> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
>> returning null indicating that the jar entry has no signers.
>>
>> This fixes the
On Wed, 12 Jan 2022 21:57:22 GMT, Sean Mullan wrote:
> If a JAR is signed with multiple digest algorithms and one of the digest
> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
> returning null indicating that the jar entry has no signers.
>
> This fixes the issue
If a JAR is signed with multiple digest algorithms and one of the digest
algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
returning null indicating that the jar entry has no signers.
This fixes the issue such that an entry is considered signed if at least one of
the
12 matches
Mail list logo
