JDK-8165274

SHA1 certpath constraint check fails with OCSP certificate

    • b142
    • Verified

        An OCSP certificate with a SHA1 signature is not algorithm-constrained when jdk.certpath.disabledAlgorithms is set to restrict SHA1.

        A setup where the certificate path includes all certificates with SHA256 except OCSP successfully validates the certpath when SHA1 is constrained. Since the OCSP signer certificate has a SHA1 signature, it should be restricted and validation should fail with "Algorithm constraint check failed".

        CRL signing should also be checked in the same context.
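
The outcome the report expects, as an added example that is not JDK code: a simplified audit that checks every signature in the path, including the OCSP signer certificate and the CRL, against the bare algorithm names in jdk.certpath.disabledAlgorithms. The class name, helper methods and sample algorithm names are constructed for illustration; in practice the names would come from X509Certificate.getSigAlgName() and X509CRL.getSigAlgName().

```java
import java.security.Security;
import java.util.*;

public class CertPathSigAlgAudit {
    static final String PROP = "jdk.certpath.disabledAlgorithms";

    // "SHA-1" and "SHA1" name the same digest, so compare without hyphens.
    static String norm(String s) {
        return s.trim().toUpperCase(Locale.ROOT).replace("-", "");
    }

    // Bare algorithm names from the property value. Entries carrying a
    // condition (for example a keySize limit) are skipped in this sketch.
    static Set<String> bareDisabled(String prop) {
        Set<String> out = new HashSet<>();
        if (prop == null) return out;
        for (String entry : prop.split(",")) {
            String e = entry.trim();
            if (!e.isEmpty() && !e.contains(" ")) out.add(norm(e));
        }
        return out;
    }

    // Split a signature algorithm name: "SHA1withRSA" -> [SHA1, RSA].
    static List<String> parts(String sigAlg) {
        List<String> out = new ArrayList<>();
        for (String p : sigAlg.split("(?i)with|and")) out.add(norm(p));
        return out;
    }

    public static void main(String[] args) {
        // The restriction from the report, normally set in java.security.
        Security.setProperty(PROP, "SHA1");
        Set<String> disabled = bareDisabled(Security.getProperty(PROP));

        // Constructed sample values; real ones come from getSigAlgName().
        Map<String, String> signed = new LinkedHashMap<>();
        signed.put("end-entity certificate", "SHA256withRSA");
        signed.put("intermediate CA certificate", "SHA256withRSA");
        signed.put("OCSP signer certificate", "SHA1withRSA");
        signed.put("CRL", "SHA256withRSA");
        boolean ok = true;
        for (Map.Entry<String, String> e : signed.entrySet()) {
            boolean hit = !Collections.disjoint(parts(e.getValue()), disabled);
            System.out.printf("%-28s %-14s %s%n", e.getKey(), e.getValue(), hit ? "DISABLED" : "ok");
            ok &= !hit;
        }
        System.out.println(ok ? "no disabled algorithm found" : "disabled algorithm in use");
    }
}
```

With the constructed values above, only the OCSP signer certificate is flagged, which is the element the report says escaped the constraint check.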

              ascarpino Anthony Scarpino
              rhalade Rajan Halade