Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8184673

Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers

    Details

    • Subcomponent:
    • Introduced In Version:
    • Resolved In Build:
      b16
    • Verification:
      Verified

      Backports

        Description

        The change http://hg.openjdk.java.net/jdk9/dev/jdk/rev/d911fe42d2da to sun.security.provider.certpath.AlgorithmChecker has introduced an incompatibility to legacy JCE providers that would return old naming convention names, like SHA1/RSA, for X509Certificate.getSigAlgName().

        Although the new naming such as SHA1withRSA should be implemented by the providers, it is safe to revert this place to take the signature algorithm name from the internal certificate implementation object that exists at this place anyway. By doing this we can overcome the potential incompatibility.

          Issue Links

            Activity

            clanger Christoph Langer created issue -
            clanger Christoph Langer made changes -
            Field Original Value New Value
            Link This issue relates to JDK-8174849 [ JDK-8174849 ]
            clanger Christoph Langer made changes -
            Status New [ 10000 ] Open [ 1 ]
            clanger Christoph Langer made changes -
            Description The change http://hg.openjdk.java.net/jdk9/dev/jdk/rev/d911fe42d2da to sun.security.provider.certpath.AlgorithmChecker.java has introduced an incompatibility to legacy JCE providers that would return old naming convention names, like SHA1/RSA, for X509Certificate.getSigAlgName().

            Although the new naming such as SHA1withRSA should be implemented by the providers, it is safe to revert this place to take the signature algorithm name from the internal certificate implementation object that exists at this place anyway. By doing this we can overcome the potential incompatibility.
            The change http://hg.openjdk.java.net/jdk9/dev/jdk/rev/d911fe42d2da to sun.security.provider.certpath.AlgorithmChecker has introduced an incompatibility to legacy JCE providers that would return old naming convention names, like SHA1/RSA, for X509Certificate.getSigAlgName().

            Although the new naming such as SHA1withRSA should be implemented by the providers, it is safe to revert this place to take the signature algorithm name from the internal certificate implementation object that exists at this place anyway. By doing this we can overcome the potential incompatibility.
            mullan Sean Mullan made changes -
            Fix Version/s 10 [ 16302 ]
            clanger Christoph Langer made changes -
            Labels noreg-external
            hgupdate HG Updates made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolved In Build master [ 18256 ]
            Resolution Fixed [ 1 ]
            clanger Christoph Langer made changes -
            Labels noreg-external 9-bp noreg-external
            coffeys Sean Coffey made changes -
            Link This issue backported by JDK-8184743 [ JDK-8184743 ]
            clanger Christoph Langer made changes -
            Labels 9-bp noreg-external noreg-external
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8184745 [ JDK-8184745 ]
            ascarpino Anthony Scarpino made changes -
            Link This issue backport of JDK-8184767 [ JDK-8184767 ]
            ascarpino Anthony Scarpino made changes -
            Link This issue relates to JDK-8184802 [ JDK-8184802 ]
            ascarpino Anthony Scarpino made changes -
            Link This issue backport of JDK-8184767 [ JDK-8184767 ]
            hgupdate HG Updates made changes -
            Resolved In Build master [ 18256 ] b16 [ 17312 ]
            andrew Andrew Hughes made changes -
            Labels noreg-external 8u-CPU-critical-request noreg-external
            andrew Andrew Hughes made changes -
            Link This issue relates to JDK-8176536 [ JDK-8176536 ]
            robm Robert Mckenna made changes -
            Labels 8u-CPU-critical-request noreg-external noreg-external
            andrew Andrew Hughes made changes -
            Labels noreg-external 8u-CPU-critical-request noreg-external
            coffeys Sean Coffey made changes -
            Labels 8u-CPU-critical-request noreg-external 8u-CPU-critical-request CPU18_01-critical-request noreg-external regression
            rhalade Rajan Halade made changes -
            Labels 8u-CPU-critical-request CPU18_01-critical-request noreg-external regression 8u-CPU-critical-request CPU18_01-critical-SQE-OK CPU18_01-critical-request noreg-external regression
            wyandi Winston Yandi made changes -
            Labels 8u-CPU-critical-request CPU18_01-critical-SQE-OK CPU18_01-critical-request noreg-external regression 8u-CPU-critical-request CPU18_01-critical-SQE-OK CPU18_01-critical-approved noreg-external regression
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8190490 [ JDK-8190490 ]
            wyandi Winston Yandi made changes -
            Labels 8u-CPU-critical-request CPU18_01-critical-SQE-OK CPU18_01-critical-approved noreg-external regression 8u-CPU-critical-approved CPU18_01-critical-SQE-OK CPU18_01-critical-approved noreg-external regression
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8190622 [ JDK-8190622 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8192661 [ JDK-8192661 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8194033 [ JDK-8194033 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8195542 [ JDK-8195542 ]
            jjiang John Jiang made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            Verification Verified [ 17000 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8197369 [ JDK-8197369 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8198115 [ JDK-8198115 ]

              People

              • Assignee:
                clanger Christoph Langer
                Reporter:
                clanger Christoph Langer
              • Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: