JDK-8184673 : Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 8u141,9,10
- Priority: P2
- Status: Closed
- Resolution: Fixed
- Submitted: 2017-07-14
- Updated: 2018-02-15
- Resolved: 2017-07-17
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 10 | JDK 8 | Other |
|---|---|---|
10 b16Fixed  |
8u161Fixed |
openjdk7uFixed |
Related Reports
|
Relates :
|
|
|
Relates :
|
Description
The change http://hg.openjdk.java.net/jdk9/dev/jdk/rev/d911fe42d2da to sun.security.provider.certpath.AlgorithmChecker has introduced an incompatibility to legacy JCE providers that would return old naming convention names, like SHA1/RSA, for X509Certificate.getSigAlgName(). Although the new naming such as SHA1withRSA should be implemented by the providers, it is safe to revert this place to take the signature algorithm name from the internal certificate implementation object that exists at this place anyway. By doing this we can overcome the potential incompatibility.
Comments
|