[RFR] 8174849: Change SHA1 certpath restrictions - issue with 3rd party JCE provider

Anthony Scarpino anthony.scarpino at oracle.com
Fri Jul 14 03:36:03 UTC 2017

On 07/13/2017 11:26 AM, Anthony Scarpino wrote:
> On 07/12/2017 11:59 PM, Langer, Christoph wrote:
>> I then suggest to also revert JDK10 and 9 to use
>> X509CertImpl.getSigAlgName() forthe time being until some better
>> check to go for the encoded AlgorithmId. Would you be fine with
>> that
> Looking back at the original code, before any of these changes were put 
> in, it was always "((X509Certificate)cert).getSigAlgName();". I would 
> guess I changed this in February to go back to the original method called.

Ignore my comments above, I didn't go far enough back in the changeset 
diffs to see it had used X509CertImpl originally.


More information about the security-dev mailing list