JDK-8160655 : Fix denyAfter and usage types for security properties
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-06-30
  • Updated: 2022-10-31
  • Resolved: 2017-02-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10 JDK 8 JDK 9
10Fixed 8u152Resolved 9 b157Fixed
Related Reports
Relates :  
JDK-8175250 - Manifest checking throws exception with no entry
Relates :  
JDK-8170131 - Certificates not being blocked by jdk.tls.disabledAlgorithms property
Relates :  
JDK-8154015 - Apply algorithm constraints to timestamped code
Relates :  
JDK-8149555 - JEP 288: Disable SHA-1 Certificates
Relates :  
JDK-8176350 - Usage constraints don't take effect when using PKIX
Sub Tasks
JDK-8175798 :  
Release Note: Fix denyAfter and usage types for security properties - Closed
Description
Fix denyAfter to work property with jdk.jar.disabledAlgorithms, and rework constraints to be based off some operation type (Validator.VAR_*) instead of all operations.  This helps differentiate which operation tls, certpath, and/or jar security properties will constrain.
Comments
URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/00cd2ba50e10 User: lana Date: 2017-02-15 20:09:52 +0000
15-02-2017
URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/00cd2ba50e10 User: ascarpino Date: 2017-02-08 20:09:02 +0000
08-02-2017
This fix will coverage the issue described in JDK-8170707. See JDK-8170707 for the regression issue of JDK-8140422.
18-01-2017