[jdk17u] RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
Goetz Lindenmaier
goetz at openjdk.org
Fri Sep 16 06:35:01 UTC 2022
On Thu, 15 Sep 2022 10:38:06 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
> I backport this for parity with 17.0.5-oracle.
>
> I had to resolve the change in a few places:
>
> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
> Where "true" is added to permits() call, code looks different. This is because
> "8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key"
> is not backported.
> Added true to all calls of permits().
>
> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
> Method permits() has a slightly different implementation in 17.
> The new parameter is just switching off the check. I
> wrapped the check around the code in 17 as in the original.
>
> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
> Copyright
> Call to permits() has different argument.
>
> It already ran successful through our nightly testing.
Pre-submit failure
macos: gent error: java.lang.Exception: Agent 31 timed out with a timeout of 480 seconds; in runtime/LoadClass/TestResize
x86: TestStringDeduplicationAgeThreshold.java#id1 known to be failing sporadically
Both unrelated.
-------------
PR: https://git.openjdk.org/jdk17u/pull/354
More information about the jdk-updates-dev
mailing list