RFR: 8277474: jarsigner does not check if algorithm parameters are disabled [v2]

Hai-May Chao hchao at openjdk.java.net
Wed Mar 2 17:45:56 UTC 2022


> This fixes jarsigner to enforce checking against algorithm constraint properties so when the signature algorithms parameters use disabled or legacy algorithms, it will emit warnings accordingly. If the algorithm used in parameters is disabled, jarsigner treats the jar as unsigned.

Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:

  Removed unneeded import and updated -verbose output

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/7582/files
  - new: https://git.openjdk.java.net/jdk/pull/7582/files/70da21b4..9ffda802

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7582&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7582&range=00-01

  Stats: 13 lines in 2 files changed: 6 ins; 3 del; 4 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7582.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7582/head:pull/7582

PR: https://git.openjdk.java.net/jdk/pull/7582



More information about the security-dev mailing list