I'm working on a test so we avoid this in the future.
Tony
On 07/14/2017 11:05 AM, Sean Mullan wrote:
It would be nice to write a regression test for this, but I suspect it
is quite a bit of work or not practical. Please consider it, or add an
appropriate noreg label to the bug.
--Sean
On 7/14/17 12:56 PM, Anthony Scarpino wrote:
On 07/14/2017 08:37 AM, Langer, Christoph wrote:
Hi,
after the discussion in thread
http://mail.openjdk.java.net/pipermail/security-dev/2017-July/016068.html,
please review my proposed change:
Bug: https://bugs.openjdk.java.net/browse/JDK-8184673
Change:
*diff -r 76fca9438ee9 -r 9c2438e0a823
src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java*
---
a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
Thu Jul 13 13:42:39 2017 +0200
+++
b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
Fri Jul 14 17:35:36 2017 +0200
@@ -270,7 +270,7 @@
AlgorithmParameters currSigAlgParams =
algorithmId.getParameters();
PublicKey currPubKey = cert.getPublicKey();
- String currSigAlg = ((X509Certificate)cert).getSigAlgName();
+ currSigAlg = x509Cert.getSigAlgName();
I think you need to prepend with "String " to your change.
// Check the signature algorithm and parameters against
constraints.
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
Otherwise it looks fine.
Tony
