Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8174849: Change SHA1 certpath restrictions
authorascarpino
Wed, 15 Feb 2017 12:55:20 -0800
changeset 43807 82f979ff031f
parent 43806 36e9a4583949
child 43808 c0a93657773d
8174849: Change SHA1 certpath restrictions Reviewed-by: mullan
jdk/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java file | annotate | diff | comparison | revisions
jdk/src/java.base/share/conf/security/java.security file | annotate | diff | comparison | revisions 
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java	Wed Feb 15 12:11:03 2017 -0800
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java	Wed Feb 15 12:55:20 2017 -0800
@@ -276,7 +276,7 @@
 
         AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
         PublicKey currPubKey = cert.getPublicKey();
-        String currSigAlg = x509Cert.getSigAlgName();
+        String currSigAlg = ((X509Certificate)cert).getSigAlgName();
 
         // Check the signature algorithm and parameters against constraints.
         if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
--- a/jdk/src/java.base/share/conf/security/java.security	Wed Feb 15 12:11:03 2017 -0800
+++ b/jdk/src/java.base/share/conf/security/java.security	Wed Feb 15 12:55:20 2017 -0800
@@ -598,8 +598,8 @@
 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+    DSA keySize < 1024, EC keySize < 224
 
 #
 # Algorithm restrictions for signed JAR files
jdk-sandbox