JDK-8292781 : Relax signature algorithm provider restriction for signed JAR verification
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2022-08-23
  • Updated: 2022-08-24
Other: tbd (Unresolved)
Related Reports
Relates :  
Description
Currently, verifying a signed JAR only uses a hardcoded list of JDK-internal providers. This makes sure a third-party JCA/JCE JAR file does not use a signature defined inside it to sign itself, and thus avoids an infinite loop. For non-JCA/JCE JAR files, this might not be necessary.