-
Bug
-
Resolution: Fixed
-
P4
-
9
-
b135
-
generic
-
generic
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8183734 | 8u161 | Sean Coffey | P4 | Resolved | Fixed | b01 |
| JDK-8165599 | 8u152 | Sean Coffey | P4 | Resolved | Fixed | b01 |
| JDK-8192471 | emb-8u161 | Sean Coffey | P4 | Resolved | Fixed | b01 |
| JDK-8188491 | 7u171 | Unassigned | P4 | Resolved | Fixed | b01 |
| JDK-8168160 | 7u161 | Sean Coffey | P4 | Resolved | Fixed | b01 |
| JDK-8171692 | 7u151 | Sean Coffey | P4 | Resolved | Fixed | b01 |
| JDK-8171606 | 7u141 | Sean Coffey | P4 | Resolved | Fixed | b01 |
| JDK-8168440 | 7u131 | Sean Coffey | P4 | Resolved | Fixed | b06 |
| JDK-8194037 | openjdk7u | Sean Coffey | P4 | Resolved | Fixed | master |
java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
Unfortunately, that doesn't give us too much information. People want to know exactly what went wrong. Was it an invalid Algorithm issue, was it an invalid keySize issue, etc.
Here's the issue in SSLContextImpl :
} catch (CertPathValidatorException cpve) {
throw new CertificateException(
"Certificates does not conform to algorithm constraints");
}
The cpve here contains valuable information. Example[1] Can we pass it in as 2nd argument to CertificateException ? Examples of info lost :
[1] AlgorithmChecker.java
// Check the current signature algorithm
if (!constraints.permits(
SIGNATURE_PRIMITIVE_SET,
currSigAlg, currSigAlgParams)) {
throw new CertPathValidatorException(
"Algorithm constraints check failed: " + currSigAlg,
null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
- backported by
-
JDK-8165599 CertificateException missing cause of underlying exception
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-