[jdk17u] Integrated: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
Goetz Lindenmaier
goetz at openjdk.org
Fri Sep 16 07:18:51 UTC 2022
On Thu, 15 Sep 2022 10:38:06 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
> I backport this for parity with 17.0.5-oracle.
>
> I had to resolve the change in a few places:
>
> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
> Where "true" is added to permits() call, code looks different. This is because
> "8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key"
> is not backported.
> Added true to all calls of permits().
>
> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
> Method permits() has a slightly different implementation in 17.
> The new parameter is just switching off the check. I
> wrapped the check around the code in 17 as in the original.
>
> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
> Copyright
> Call to permits() has different argument.
>
> It already ran successful through our nightly testing.
This pull request has now been integrated.
Changeset: 6bc6980a
Author: Goetz Lindenmaier <goetz at openjdk.org>
URL: https://git.openjdk.org/jdk17u/commit/6bc6980a7d975dbe06b319bf6ac9625749663060
Stats: 120 lines in 9 files changed: 33 ins; 30 del; 57 mod
8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
Reviewed-by: mdoerr
Backport-of: 03f8c0fb9363dc1bb07bed1ae0359c029caa0130
-------------
PR: https://git.openjdk.org/jdk17u/pull/354
More information about the jdk-updates-dev
mailing list