changeset 16715:d911fe42d2da

8174849: Change SHA1 certpath restrictions Reviewed-by: mullan
author ascarpino
date Wed, 15 Feb 2017 12:55:20 -0800
parents b035f72cddfc
children 3534a97c9244
files src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java src/java.base/share/conf/security/java.security
diffstat 2 files changed, 3 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java	Wed Feb 15 12:11:03 2017 -0800
+++ b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java	Wed Feb 15 12:55:20 2017 -0800
@@ -276,7 +276,7 @@
 
         AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
         PublicKey currPubKey = cert.getPublicKey();
-        String currSigAlg = x509Cert.getSigAlgName();
+        String currSigAlg = ((X509Certificate)cert).getSigAlgName();
 
         // Check the signature algorithm and parameters against constraints.
         if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
--- a/src/java.base/share/conf/security/java.security	Wed Feb 15 12:11:03 2017 -0800
+++ b/src/java.base/share/conf/security/java.security	Wed Feb 15 12:55:20 2017 -0800
@@ -598,8 +598,8 @@
 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+    DSA keySize < 1024, EC keySize < 224
 
 #
 # Algorithm restrictions for signed JAR files