You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@netbeans.apache.org by "Austin Stephens (Jira)" <ji...@apache.org> on 2020/11/10 19:53:00 UTC

[jira] [Created] (NETBEANS-5005) There is no KeyStoreProvider for built in trusted certificates

Austin Stephens created NETBEANS-5005:
-----------------------------------------

             Summary: There is no KeyStoreProvider for built in trusted certificates
                 Key: NETBEANS-5005
                 URL: https://issues.apache.org/jira/browse/NETBEANS-5005
             Project: NetBeans
          Issue Type: Bug
          Components: platform - Autoupdate
    Affects Versions: 12.0, Next, 12.1, 12.2, 12.3
         Environment: All
            Reporter: Austin Stephens


Java has a keystore that it uses to verify signatures when it loads classes (last I checked) as well for other things. This keystore is not considered when checking signatures on nbm files and updates. This results in a properly signed jar with a well known certificate root appearing as self signed when doing an update. This is rather troubling if one was releasing a platform application and was expecting the auto-update logic to consider such things as properly signed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists