RFR 10 (XS): 8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers
Langer, Christoph
christoph.langer at sap.com
Fri Jul 14 15:37:00 UTC 2017
Hi,
after the discussion in thread http://mail.openjdk.java.net/pipermail/security-dev/2017-July/016068.html, please review my proposed change:
Bug: https://bugs.openjdk.java.net/browse/JDK-8184673
Change:
diff -r 76fca9438ee9 -r 9c2438e0a823 src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
--- a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java Thu Jul 13 13:42:39 2017 +0200
+++ b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java Fri Jul 14 17:35:36 2017 +0200
@@ -270,7 +270,7 @@
AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
PublicKey currPubKey = cert.getPublicKey();
- String currSigAlg = ((X509Certificate)cert).getSigAlgName();
+ currSigAlg = x509Cert.getSigAlgName();
// Check the signature algorithm and parameters against constraints.
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
Thanks and best regards
Christoph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20170714/c48b2eb4/attachment.htm>
More information about the security-dev
mailing list