Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » P2 » Bundle signing certificate handling in P2
Bundle signing certificate handling in P2 [message #1745199] Thu, 06 October 2016 11:46 Go to next message
Steve Francisco is currently offline Steve FranciscoFriend
Messages: 4
Registered: July 2009
Junior Member
P2 will warn if unsigned jars are being installed, but it does not seem to check for certificate validity. I am able to install jars signed with an expired certificate without warnings or errors. From looking at the code, I suspect the same is true for revoked certificates. Can someone explain the current implementation and what the expected behaviour is?
Re: Bundle signing certificate handling in P2 [message #1745225 is a reply to message #1745199] Thu, 06 October 2016 16:29 Go to previous message
Brian de Alwis is currently offline Brian de AlwisFriend
Messages: 772
Registered: January 2012
Senior Member

I was curious about this too. From looking at the code, the certificate verification is handled by the CertificateChecker, created by the CheckTrust phase implementation. The CertificateChecker uses the OSGi SignedContentFactory to check the signed status.

Equinox provides a single implementation, SignedBundleHook. It uses a osgi.signedcontent.support property, and maybe one of those options will help?


Eclipse Platform committer. Ask me about Eclipse support, training, and consulting.
Previous Topic:Download statistics server
Next Topic:P2 Update - User Agent buildId
Goto Forum:
  


Current Time: Sat Sep 22 16:51:13 GMT 2018

Powered by FUDForum. Page generated in 0.01928 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top