On Tue, 8 Mar 2022 23:22:56 GMT, Mark Powers <d...@openjdk.java.net> wrote:
> https://bugs.openjdk.java.net/browse/JDK-8234128 > > My initial attempt had too many bad side-effects. This latest fix only tries > to suppress the warning message. test/jdk/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest2.java line 50: > 48: > 49: createAlias(CA_KEY_ALIAS, "-ext", "bc"); > 50: createAlias(FIRST_KEY_ALIAS); Is this creating a 3-cert chain (signer -> intermediate -> trust anchor) or just a 2-cert chain (signer -> trust anchor)? I ask because the bug description specifies that it requires a missing signer alias but an intermediate CA being present (and I assume the TA as well). This looks like it's creating a 2-cert chain. From looking at the loop in intKeyStoreForOneSigner perhaps it doesn't matter and a 2-cert is just as good as a 3-cert chain. ------------- PR: https://git.openjdk.java.net/jdk/pull/7751