You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@netbeans.apache.org by "Austin Stephens (Jira)" <ji...@apache.org> on 2020/11/10 19:53:00 UTC
[jira] [Created] (NETBEANS-5005) There is no KeyStoreProvider for
built in trusted certificates
Austin Stephens created NETBEANS-5005:
-----------------------------------------
Summary: There is no KeyStoreProvider for built in trusted certificates
Key: NETBEANS-5005
URL: https://issues.apache.org/jira/browse/NETBEANS-5005
Project: NetBeans
Issue Type: Bug
Components: platform - Autoupdate
Affects Versions: 12.0, Next, 12.1, 12.2, 12.3
Environment: All
Reporter: Austin Stephens
Java has a keystore that it uses to verify signatures when it loads classes (last I checked) as well for other things. This keystore is not considered when checking signatures on nbm files and updates. This results in a properly signed jar with a well known certificate root appearing as self signed when doing an update. This is rather troubling if one was releasing a platform application and was expecting the auto-update logic to consider such things as properly signed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists