Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8184673

Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers

    Details

      Backports

        Description

        The change http://hg.openjdk.java.net/jdk9/dev/jdk/rev/d911fe42d2da to sun.security.provider.certpath.AlgorithmChecker has introduced an incompatibility to legacy JCE providers that would return old naming convention names, like SHA1/RSA, for X509Certificate.getSigAlgName().

        Although the new naming such as SHA1withRSA should be implemented by the providers, it is safe to revert this place to take the signature algorithm name from the internal certificate implementation object that exists at this place anyway. By doing this we can overcome the potential incompatibility.

          Issue Links

            Activity

            Hide
            clanger Christoph Langer added a comment -
            Show
            clanger Christoph Langer added a comment - The issue has been discussed here: http://mail.openjdk.java.net/pipermail/security-dev/2017-July/016068.html
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk10/jdk10/jdk/rev/46a03a1d296c
            User: clanger
            Date: 2017-07-17 12:24:34 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk10/jdk10/jdk/rev/46a03a1d296c User: clanger Date: 2017-07-17 12:24:34 +0000
            Hide
            andrew Andrew Hughes added a comment -
            8174849 is also part of this multi-backport patch applied to earlier releases.
            Show
            andrew Andrew Hughes added a comment - 8174849 is also part of this multi-backport patch applied to earlier releases.
            Hide
            coffeys Sean Coffey added a comment -
            [~andrew] please add background to why the critical request label is on this issue. It's already fixed in the jdk8u-dev code line.
            Show
            coffeys Sean Coffey added a comment - [~andrew] please add background to why the critical request label is on this issue. It's already fixed in the jdk8u-dev code line.
            Hide
            robm Robert Mckenna added a comment -
            no response, removing label for now.
            Show
            robm Robert Mckenna added a comment - no response, removing label for now.
            Hide
            andrew Andrew Hughes added a comment -
            No response, over a weekend... :/

            This regression should have been resolved in 8u151. I added the label before that was released.

            We would still like to see it fixed in 8u161 if possible, which I believe is based on 8u152, not 8u162.
            Show
            andrew Andrew Hughes added a comment - No response, over a weekend... :/ This regression should have been resolved in 8u151. I added the label before that was released. We would still like to see it fixed in 8u161 if possible, which I believe is based on 8u152, not 8u162.
            Hide
            rhalade Rajan Halade added a comment -
            Should this also be backported to JDK 9.0.4 along with 8u161?
            Show
            rhalade Rajan Halade added a comment - Should this also be backported to JDK 9.0.4 along with 8u161?
            Hide
            andrew Andrew Hughes added a comment -
            I think so. I don't see it in 9 at all at present.
            Show
            andrew Andrew Hughes added a comment - I think so. I don't see it in 9 at all at present.
            Hide
            coffeys Sean Coffey added a comment -
            This request came in for 8uX fix if I recall correctly (8u critical request) . Let's fix there first. Fixed already in JDK 10.
            Show
            coffeys Sean Coffey added a comment - This request came in for 8uX fix if I recall correctly (8u critical request) . Let's fix there first. Fixed already in JDK 10.

              People

              • Assignee:
                clanger Christoph Langer
                Reporter:
                clanger Christoph Langer
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: