Hi All Please review the code change at
http://cr.openjdk.java.net/~weijun/8036709/webrev.01/ Before this change, jarsigner simply put a cert chain into a CertPath and validate it. If the CertPath contains a trust anchor inside, the validation could fail even if it should not. This fix searches for a trust anchor in the cert chain, if truncate at the position if one is found. If the first certificate is already a trust anchor, we don't do validation at all. Thanks Max
