8174849: Change SHA1 certpath restrictions

Reviewed-by: mullan
Anthony Scarpino 2017-02-15 12:55:20 -08:00
parent b284200a90
commit ff79e8c1d7
2 changed files with 3 additions and 3 deletions
jdk/src/java.base/share
classes/sun/security/provider/certpath
conf/security

@ -276,7 +276,7 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
AlgorithmParameters currSigAlgParams = algorithmId.getParameters(); AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
PublicKey currPubKey = cert.getPublicKey(); PublicKey currPubKey = cert.getPublicKey();
String currSigAlg = x509Cert.getSigAlgName(); String currSigAlg = ((X509Certificate)cert).getSigAlgName();
// Check the signature algorithm and parameters against constraints. // Check the signature algorithm and parameters against constraints.
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
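Review bot: The string assigned to `currSigAlg` is what `constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, ...)` matches against the disabled-algorithm list, so the line should say why the name is read from one certificate object rather than the other. The page shows both `x509Cert.getSigAlgName()` and `((X509Certificate)cert).getSigAlgName()` and has lost its +/- markers; if the right-hand form is the new side, the name now comes from an inline cast of `cert`. If the two objects can ever report different names for the same algorithm, a disabled algorithm could be checked under a name the constraint list does not contain. I would add a comment such as `// Name must come from the caller's certificate so it matches what the constraints were written against`, adjusted to the real reason. The method starts and ends outside this hunk, so the type guard on `cert` is not visible from here and should be confirmed before relying on the cast.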

@ -598,8 +598,8 @@ krb5.kdc.bad.policy = tryLast
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
# #
# #
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 DSA keySize < 1024, EC keySize < 224
# #
# Algorithm restrictions for signed JAR files # Algorithm restrictions for signed JAR files
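Review bot: The `jdk.certpath.disabledAlgorithms` line appears both with and without `SHA1 jdkCA & denyAfter 2017-01-01`, and nothing in the surrounding comments records why the default changes. The page has lost its +/- markers; if the right-hand column is the new side, the default policy no longer restricts SHA-1 in certification paths at all, rather than narrowing or re-dating the restriction. A change to a shipped security default should carry its reason in the file, for example `# SHA1 restriction removed by 8174849; re-add "SHA1 jdkCA & denyAfter <date>" to enforce it`. It would also help to say whether a replacement constraint is planned, so operators know whether to set the property themselves.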