Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 6.2.5
-
Fix Version/s: 6.3
-
Component/s: Core/Parsing
-
Labels:None
-
Environment:any
Description
A customer has encountered a signature that is not correctly validated by our validation method. Further analysis is required.
Activity
Field | Original Value | New Value |
---|---|---|
Fix Version/s | 6.3 [ 13093 ] |
Status | Open [ 1 ] | Resolved [ 5 ] |
Resolution | Fixed [ 1 ] |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #51810 | Tue Aug 01 13:52:02 MDT 2017 | patrick.corless | anchor for validation for a certification chain which more then one certificate in the chain. |
Files Changed | ||||
![]() ![]() ![]() ![]() ![]() |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #51811 | Tue Aug 01 13:59:13 MDT 2017 | patrick.corless | anchor for validation for a certification chain which more then one certificate in the chain. |
Files Changed | ||||
![]() ![]() |
Status | Resolved [ 5 ] | Closed [ 6 ] |
The signature in question contains three certificates chained together. The structure looks something like this:
-SwissSign Qualified Platinum CA 2010 - G2
The original verification code was not correctly passing the intermediate certificates when building the trust anchors and thus verification would always fail. The nice part about his change is that the SwissSign root certification is already added as a trusted cert in the jre keystore. Which means there is no further keystore work required by the end user to verify this signature.
Nice green "validates" icons are now shown.